Cyber Intrusion Information
Press Release: MUSC vendor suffers cyber theft of credit/debit card information
Blackhawk Consulting Group and MUSC provide next steps and issue resolution
Charleston, S.C. (Sept. 5, 2013) –
The Medical University of South Carolina (MUSC) needs mass media’s help to deliver the following information to the community in a timely and accurate way.
On August 22, MUSC was notified by a third party credit card processing vendor, Blackhawk Consulting Group, that we were victims of a cyber-theft of personal information involving approximately 7,000 individuals who used a credit card online or the telephone to pay for health care services. Forensic discovery of this kind typically takes multiple days in order to provide a thorough and accurate assessment of what happened and to complete system repairs. With an initial analysis complete, MUSC needs media’s help to let those who’ve been affected know that they are at risk.
Based on the information made available now, no patient medical record information was accessed during the theft. It seems the goal of the intrusion was to steal financial information which included names, billing addresses, credit card numbers and expirations dates, credit card authorization numbers and email addresses. The group affected by the theft made payments via the MUSC Physicians online payment portal or for an MUSC Physicians or MUSCHealth account by credit card, over the telephone between the dates of June 30, 2013 and August 21, 2013. MUSC recommends that anyone who believes they may have been affected should contact their credit card company or bank immediately. Media may want to use the following matrix (below) to help individuals determine the risk of credit card fraud as a result of this intrusion into the Blackhawk system. It is MUSC’s understanding that Blackhawk has reported the theft to the FBI.
When MUSC learned of the event on August 22, the online payment option was immediately suspended and Blackhawk began to investigate the intrusion. As always, safe and secure information remains a top priority and MUSC implemented a notification process for affected individuals to share the details of this crime and advise them on what steps they need to take now. For anyone who thinks they may have been affected, MUSC recommends contacting credit card companies or banks immediately. Affected individuals will receive a pre-recorded phone message providing more about the theft, and MUSC is working with Blackhawk and Experian’s fraud protection program to launch a support system that will provide free credit monitoring through a customized call center designed to walk all concerned persons through the steps they should take to further protect their personal information.
An MUSC-based call center will help confirm whether a person was a victim of this information theft and if necessary, will provide confirmed victims with additional information regarding the credit monitoring service. More information is available on the MUSC website (www.musc.edu/cyberinfo) and more information will be posted as it is made available in the coming weeks. The number for the MUSC call center is 843-792-6200 or toll free 1-800-868-5051.
For Immediate Release
Contact: Heather Woolwine