UW Health reports data breach caused by hacking employee's email

UW Health has reported a cybersecurity breach caused by the compromise of an employee's email account, leading to unauthorized access to patient information. UW Health is the integrated health system of the University of Wisconsin–Madison. The health system includes six hospitals and more than 90 primary and specialty outpatient locations throughout Wisconsin, Illinois, and Michigan.

This breach was first detected on January 5 during an investigation into an "email incident," involved an outsider gaining access to the email account between September 20 and December 5. UW Health has reset the compromised employee's password and enlisted the help of a cybersecurity firm for further assistance.

A review concluded on February 9 revealed that a "limited" number of emails were accessed, which contained sensitive patient information such as:

• names,
• dates of birth,
• medical record numbers,
• clinical details like service dates, provider names,
• diagnoses.

UW Health has not disclosed the total number of patients affected. Per the report he breached emails did not include Social Security numbers, health insurance ID numbers, or financial data of any patients.

UW Health is notifying individuals whose information was compromised and for whom they have contact details.