MILWAUKEE (WITI) -- On December 14, 2012, Froedtert Health learned that a computer virus may have allowed an unauthorized person to access patient files through a staff member’s work computer.
Working with a computer forensics company, Froedtert Health immediately began an investigation, which took several weeks to complete.
No evidence was found to indicate that any patient’s information has been accessed by any unauthorized person. But as a precaution, Froedtert Health is notifying affected patients to let them know this occurred.
No patient financial information or medical records were accessed or affected by this incident.
However, the computer experts cannot definitively rule out the possibility the virus was able to obtain other information from files stored on the Froedtert Health network that were accessible through the staff member’s computer.
These files may have contained patient names, addresses, telephone numbers, dates of birth, medical record numbers, names of health insurers, diagnoses and clinical information. Fewer than three percent of the files may have contained Social Security numbers.
Letters were mailed this week to approximately 43,000 patients whose records may have been affected.
These patients received care at Froedtert Health affiliates Froedtert Hospital, Milwaukee; Community Memorial Hospital, Menomonee Falls; St. Joseph’s Hospital, West Bend; and Froedtert Health Medical Group (formerly known as Medical Associates of Menomonee Falls and the West Bend Clinic).
Froedtert Health has set up a call center for patients who have questions, and has posted this information on its websites froedtert.com and froedterthealth.org at www.froedterthealth.org/computer-security-incident.
Froedtert Health officials say they deeply regret any concerns this may cause patients.
Unfortunately, such computer attacks are increasingly common, affecting organizations worldwide.
Froedtert Health officials say they continually update computer virus protections and Froedtert Health is conducting a comprehensive internal review of information security practices and procedures to help prevent such events in the future.