Card information stolen in attack on hospital payment vendor

Share this article:

Credit and debit card information for thousands of patients of Medical University of South Carolina (MUSC) may be at risk following a malicious attack on MUSA's third-party card payment vendor, Blackhawk Consulting Group.

How many victims? Roughly 7,000.

What type of personal information? Names, addresses, card numbers, card security codes and email addresses.

What happened? A malicious attack on Blackhawk Consulting Group's software allowed an unauthorized third party to access personal data for MUSC patients who made card payments online and over the phone.

What was the response? The crime has been reported to the FBI and a forensic investigation is ongoing. MUSC sent letters to affected patients, offering them a free year of credit protection services.

Details: Blackhawk Consulting Group alerted MUSC on Aug. 22. The attack affected MUSC patients who made card payments between June 30 and Aug. 21. The investigation is ongoing, as other Blackhawk customers may have been affected.

Quote: “Based on the information we have received to date, information that was not compromised includes dates of birth, Social Security numbers, health information and medical information,” Mark Sothmann, MUSC vice president for academic affairs and provost, wrote to affected patients. “As always, our patients' safety and security remains our top priority and we are underway with creating messaging to notify our patients and/or financially responsible parties of this crime.”

Source: postandcourier.com, The Post and Courier, “Cyber attack threatens financial information for 7,000 MUSC customers (PDF),” Sept. 5, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in The Data Breach Blog

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Malware on Breyer Horses website for about 18 months, payment card data ...

Malware installed on the computer server hosting the Breyer Horses website may have compromised personal information for people who made purchases between March 31, 2013 and Oct. 6.

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.