On October 26, 2023, Western Washington Medical Group (“WWMG”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access information that had been entrusted to the company. In this notice, WWMG explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, WWMG began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from Western Washington Medical Group, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Western Washington Medical Group data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Western Washington Medical Group?

The Western Washington Medical Group data breach was only recently announced, and more information is expected in the near future. Unfortunately, WWMG does not yet appear to have posted a notice about the breach on its website, and the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides very little information on what led up to the breach.

At this point, we know that the WWMG breach consisted of a “hacking / IT incident” that targeted a network server. However, we cannot confirm if hackers were able to access the compromised data through WWMG’s IT systems or if they orchestrated a cyberattack against one of the company’s vendors.

Regardless, after learning that sensitive consumer data was accessible to an unauthorized party, Western Washington Medical Group reviewed the compromised files to determine what information was leaked and which consumers were impacted. WWMG hasn’t publicly released the compromised data types; however, only those breaches that involve the Protected Health Information of more than 500 people must be reported to the U.S. Department of Health and Human Services Office for Civil Rights. Thus, it’s a safe assumption that the incident impacted patients’ Protected Health Information.

On October 26, 2023, Western Washington Medical Group sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Western Washington Medical Group

Established in 1994, Western Washington Medical Group is a healthcare organization based in Everett, Washington. Western Washington Medical Group provides a range of services, including primary care, cardiology, endocrinology, gastroenterology, nephrology, podiatry and more. WWMG operates over 20 locations, serving residents of Snohomish, Skagit, Island, and Whatcom counties. Western Washington Medical Group employs more than 365 people and generates approximately $60 million in annual revenue.