Western Washington Medical Group breach exposes 350K+ individuals


An attack on US-based healthcare provider Western Washington Medical Group (WWMG) likely impacted protected health data.

WWMG, a US healthcare provider based in Everett, Washington, submitted a data breach notification to the US Department of Health and Human Services.

The note says that the hacking incident impacted 350,863 individuals after attackers breached the organizations’ IT systems.

According to law firm The Lyon Firm, breach victims should soon start receiving more detailed breach notification letters indicating what type of data attackers may have accessed.

Individual healthcare data can be sold for hundreds of dollars on dark web forums. For example, malicious actors use medical details for medical identity theft, a type of fraud where threat actors use stolen information to submit forged claims to Medicare and other health insurers.

Meanwhile, other personally identifiable information (PII) may be used to commit fraud, from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

WWMG is based in Everett, Washington, with over 100 healthcare providers focusing on various lines of care across numerous clinics.