The Medical University of South Carolina (MUSC) sustained its largest breach ever between June 30 and Aug. 21 when a third-party credit card processing company compromised 7,000 patients’ data.
Though no medical data was hacked, patient data such as names, billing addresses, credit card numbers, expiration dates, authorization numbers and email addresses were potentially exposed as a result of the breach.
Instead of sending patient notification letters, it appears MUSC is leaving pre-recorded phone messages for the 7,000 affected patients. And the school will team up with Blackhawk to provide patients with free credit monitoring and a call center that will help patients through the steps of checking on their credit and identities. MUSC and Blackhawk are using Experian to offer these services to patients.
Dr. Pat Cawley, the executive director of the Medical University Hospital, told the Post and Courier that there are no immediate plans to terminate its contract with Blackhawk Consulting Group. She also, said Blackhawk bears financial responsibility for the attack affecting MUSC customers.
End to end data encryption could have stopped this breach. It's not only important to encrypt in-house data, but also to make sure third-parties also encrypt your data on their systems.