Data Breaches | News

Medical University of SC Suffers Theft of Credit Card Info Through Third-Party Provider

• By Dian Schaffhauser
• 09/17/13

The Medical University of South Carolina has been reaching out to 7,000 customers of medical services to let them know their credit card information has been stolen. The cyber-theft came to the attention of the medical institution when it was notified by Blackhawk Statement Group, a third-party vendor that handles credit card processing for the university as well as a number of other institutions, some of which may also have had records stolen. The FBI has been brought in on the case.

The Medical University has a medical center and six colleges primarily for the education of health professionals and biomedical scientists.

The intruders broke into Blackhawk's database and stole names, addresses, credit card numbers, credit card security numbers, and email addresses of people who paid hospital or doctor bills online or over the phone using a credit card or debit card between June 30, 2013 and August 21, 2013.

According to materials made available by the medical university, there's no evidence that the thieves took health information, date of birth, or social security information details of those otherwise affected.

Local coverage in The Post and Courier Web site said the university found out about the data theft from Blackhawk on August 22, but delayed communicating to those affected until it had a plan for response. The reporting also quoted an attorney for Blackhawk stating that about 3,000 people at two other institutions outside of South Carolina were affected, but she wasn't at liberty to name them.

"Forensic discovery of this kind typically takes multiple days in order to provide a thorough and accurate assessment of what happened and to complete system repairs," stated the university's Interim President Mark Sothmann in a letter to the faculty and staff.

Blackhawk is working with the university to provide free enrollment in a credit protection program for a year through Experian. However, those who have been notified by the school have also been advised to communicate with their credit or debit card provider to alert them to the possibility of a compromise.