Western Washington Medical Group reports data breach, exposing patient data

On October 26, 2023, Western Washington Medical Group (WWMG), a healthcare entity located in Everett, Washington reported a data breach after a threat actor gained access to confidential data held by the organization. This breach enabled the intruder to view and potentially misuse private consumer information.

Currently, it's understood that the breach at WWMG was a result of a "hacking/IT incident" specifically targeting a network server. It remains unclear whether the perpetrators gained access directly through WWMG's IT infrastructure or if they exploited a vulnerability in one of WWMG's vendor systems.

Once WWMG became aware that sensitive consumer data was vulnerable, they assessed the exposed files to ascertain the extent of the breach and identify the affected consumers. WWMG has not publicly disclosed the nature of the data accessed nor the number of affected individuals but the number of affected individuals is greater than 500 per requirements for public reporting.

WWMG initiated the process of sending out data breach notifications to the affected individuals, providing details on the nature of data exposed.