The Catalyst

Vendor suffers cyber-theft of credit card information

Staff Report

On Aug. 22, MUSC was notified by a third-party credit card processing vendor, Blackhawk Consulting Group, that approximately 7,000 individuals who used a credit or debit card online or by telephone to pay for health care services were victims of a cyber-theft of personal information.

Forensic discovery of this kind typically takes multiple days in order to provide a thorough and accurate assessment of what happened and to complete system repairs.

Based on the investigation, no patient medical record information was accessed during the theft. It seems the goal of the intrusion was to steal financial information, which included names, billing addresses, credit and debit card numbers and expirations dates, credit and debit card authorization numbers and email addresses.

The theft occurred for customers who made payments via the MUSC Physicians online payment portal or for an MUSC Physicians or MUSCHealth account by credit or debit card over the telephone between June 30 and Aug. 21.

Anyone who believes his or her information may have been compromised should contact their credit or debit card company or bank immediately. It is MUSC’s understanding that Blackhawk has reported the theft to the FBI.

When MUSC learned of the attack, the online payment option was immediately suspended, and Blackhawk began to investigate the intrusion. As always, safe and secure information remains a top priority, and MUSC implemented a notification process for affected individuals to share the details of this crime and advise them on what steps they need to take now.

Affected individuals received a pre-recorded phone message providing more information about the theft. MUSC is working with Blackhawk and Experian’s fraud protection program to launch a support system that will provide free credit monitoring through a customized call center designed to walk all concerned customers through the steps they should take to further protect their personal information.

An MUSC-based call center will help confirm whether a person was a victim of this information theft and, if necessary, will provide confirmed victims with information regarding the credit monitoring service.

Information is available online at academicdepartments.musc.edu/cyberinfo/. The number for the MUSC call center is 792-6200 or toll free at 800-868-5051.

September 11, 2013
 
 
 

© 2013  Medical University of South Carolina | Disclaimer