Stay informed: What you need to know about cybersecurity

As our ability to communicate and interact with our patients is improved by new technologies, an unfortunate side effect is an increase in criminals targeting patients with phone or Internet scams. Please review the information below to learn about known issues and how to stay safe.

Update as of March 2024

Notice to our patients

UW Health is committed to protecting the confidentiality and security of our patients’ information. Regrettably, we recently identified and addressed a security incident that involved some of that information.

On Jan. 5, 2024, our ongoing investigation into an email incident determined that an unauthorized person gained access to an employee’s email account. Upon identifying suspicious activity in the account, we immediately changed the employee’s password and began an investigation with the assistance of a cybersecurity firm. The investigation determined that the unauthorized person accessed the email account at various times between Sep. 20, 2023, and Dec. 5, 2023, and during that time, accessed a limited number of emails. We immediately began a review of the emails involved to determine what information may have been viewed by the unauthorized person.

Through this review, which concluded on Feb. 9, 2024, we identified some of our patients’ information, including one or more of the following: names, dates of birth, medical record numbers and/or clinical information, such as dates of service, provider names or diagnoses. The emails did not contain any patients’ Social Security number, health insurance ID number or financial information.

We have no indication that any information has been misused. However, as a precaution, we are mailing notification letters to individuals whose information was identified through our review and for whom we have sufficient contact information. We have also established a dedicated, toll-free call center to answer questions that individuals may have about the incident. If you have questions, please call (866) 495-2398, available Monday through Friday, 8 a.m. to 5:30 p.m. Central Time.

Additionally, we’d like to remind patients that it is always a good idea to carefully review the communications they receive from UW Health and other health care providers, including electronic messages, billing statements and other written communication. If patients see charges for services they did not receive, they should contact UW Health or the other health care provider immediately.

To help prevent something like this from happening again, we are increasing our email security and providing additional workforce training on email best practices.

Scams

What you need to know

UW Health advises people to be vigilant when callers or emails request personal or financial information such as health history, Social Security, Medicare ID numbers or payment information.

Listed below are known scams. Please note, scam efforts are constantly changing and can be very sophisticated. While these are the ones we are currently aware of, there may be others.

If you have any doubts, contact UW Health.

MyChart

In the past, UW Health MyChart users have been the targets of scams through the use of fraudulent websites. These types of websites could be used to acquire usernames, passwords or other sensitive information.

How to stay safe

  • Access MyChart through the mobile app on your phone

  • If you access MyChart through a web browser, ensure the address begins with https://mychart.uwhealth.org

  • Do not enter your information if you are uncertain or have doubts about the site

For problems with accessing MyChart or to report any suspicious sites or activity, please call: (877) 768-0732

Examples of other scams

Scammers frequently target patients of health care systems for numerous reasons, including fraudulent Medicare claims. Other types of scams that may occur:

  • Scammers claiming to be UW Health employees, contacting people by phone and asking about common health conditions, such as knee or back pain.

  • “Phishing” emails imitating UW Health branding, such as logos and colors, attempting to coax patients into giving out MyChart login credentials.

  • "Phishing" text messages that may include links to malicious sites or request login credentials.

How to stay safe

Protect your information

Protect your information online

  • Use a strong password that is unique to every website you use.

  • Always utilize multifactor authentication for websites that offer it.

  • Install security updates when available to your computer, phone and tablet.

  • Utilize antivirus/antimalware software on all personal computers.

  • Do not click on a suspicious link, visit the site directly through a known web address or mobile app.

  • Monitor personal credit reports.

How to detect a scam

Know this about UW Health when we contact you:

  • We do not participate in lotteries or promotions offering monetary prizes or gift cards.

  • We will not contact patients by phone to demand emergency payment of an insurance premium for a policy that is about to lapse or to pay a bill. We might call to offer account resolution options such as a payment plan or financial assistance.

  • We will not get agitated or threaten a customer if a payment is needed.

  • Our patients might occasionally receive a call, text or email for pre-registration or patient satisfaction surveys. If you are suspicious, gather any information if possible, hang up and call the UW Health hospital or clinic you visited or plan to visit.

  • We use regular billing periods and regularly scheduled premium notices to notify customers of any amounts they owe.

  • If the UW Health name or logos are used in a communication and you are suspicious, call the UW Health facility you visit to help determine what you received is authentic.

  • UW Health works with small number of third-party vendors who occasionally contact patients. If you are suspicious of a call from another company about your care at UW Health, hang up and call UW Health to verify we do business with them.

  • We might send overdue accounts to a collection agency who could call to assist with your payment. If you are suspicious, hang up and call UW Health.

What to do if you shared information with a scammer

Report any identify theft to the Federal Trade Commission (FTC).

Do not feel embarrassed or ashamed. Many people have been impacted by scammers.

If you provided financial or account information to a suspected scam artist, contact your bank, credit card company and credit monitoring services to report possible fraud, and carefully monitor any affected accounts for suspicious activity in the weeks following the incident.

If you clicked on a link in an email, run a virus scan on your device. If it is a mobile phone, consider contacting your phone service provider for assistance. For personal laptop or desktop computers, consider contacting a service that specializes in computer maintenance.

If you accessed a link through a work computer, contact your company's IS/IT department.

You may be asked to file a police report. This can also help law enforcement know how widespread the issue is.