MADISON (WKOW) — A top UW Hospital surgeon was targeted in email hacking, with medical information of more than two thousand patients potentially compromised.
UW Health officials announced this spring potentially affected patients had been notified of the unauthorized access to an employee’s email account. While officials at the time noted no patient’s medical record was breached, they said improper access had taken place to “…patient information, including patients’ names; addresses; dates of birth…medical history and conditions; medications; diagnostic results.”
Recently unsealed Dane County court records show approximately 1,800 emails from the account of kidney and liver transplant surgeon Dr. Anthony D’Alessandro were captured by an unknown computer hacker during two weeks in March. An affidavit from a UW-Madison Police detective to support the search of a Yahoo email account states the breach potentially compromised “sensitive information.”
UW-Madison Police spokesperson Marc Lovicott tells 27 News the origin of the breach was traced to Nigeria. But Lovicott says a detective determined any other feature of the computer hacking was untraceable.
Warnings over Nigerian email scams seeking money have been issued by many consumer-oriented organizations, including the Federal Trade Commission and the Better Business Bureau. Whether a variation of those scams led to the transplant surgeon’s information on patients becoming compromised is unknown, as UW Hospital officials decline to specify how the institution’s cyber security was defeated.
The court-approved search was based on suspected evidence of a misdemeanor computer crime. “Like the phone and other email scams going on right now, it’s impossible for us to find the suspect – so the investigation ended,” Lovicott tells 27 News.
UW Health officials say the incident reinforced educational efforts with employees and providers on emails and patient confidentiality. A dedicated call center was established to answer patient questions.