DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Milwaukee VA Medical Center announces breach of veterans’ information

Posted on September 2, 2016 by Dissent

Network security breach with Milwaukee VA affiliate

September 1, 2016

On August 22, 2016, Medical College of Wisconsin notified Milwaukee VA Medical Center of an incident compromising an MCW employee’s email address and, subsequently, private and protected health information of 21 veterans.

On Aug. 29, 2016, Milwaukee VA notified 19 of the 21 veterans of a breach of personal and protected health information by sending a letter depicting the event and providing resources to protect and monitor each veteran’s private and protected health information.

Milwaukee VA shares health information with MCW as an academic affiliate. This breach of security of veteran health information is serious and Milwaukee VA is here to protect and provide world-class healthcare to our former service men and women. If any event negatively affects our veterans, VA will do everything in our power to correct and prevent these types of events. It is our honor to serve those who serve us and Milwaukee VA will always ensure the care they deserve.

As of today, no reports from veterans were made regarding malicious activity stemming from this information.

Attached is the letter sent to veterans.

SOURCE: Milwaukee VA Medical Center.

The 21 veterans were only part of the story, though. The Medical College of Wisconsin issued its own notification that indicated that 3,200 patients were part of a security breach, with unusual activity in an employee’s email account noticed on July 5.  WISN reports:

On Aug. 3, forensic investigation determined that an unauthorized third-party had accessed the email account over a limited three-day period from July 2 to July 4.

Their notification letter does not appear to be on their web site at the time of this publication. Any bets as to whether their notification says that their employee mismanaged the email account, as the VA Medical Center claimed in their notification letter to those affected?

According to WISN, the email account in question contained full names, dates of birth, home addresses, medical record numbers and codes or notes related to diagnosis or treatment provided. Also, the Social Security numbers of two patients were included in the email account.

Related posts:

  • Veterans Administration responds to Freedom of Information request; releases breach reports
  • More than 2,000 veterans had their PHI breached in April
  • Penn State College of Engineering hacked; China suspected in at least one attack (updated)
  • Our veterans deserve better infosecurity of their information
Category: Government SectorHealth DataSubcontractorU.S.

Post navigation

← Summer Round-Up: Four States Bolster Data Breach Notification Laws and More Changes on the Way
Noble House Hotels & Resorts updates breach disclosure as more properties identified as affected →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.