UPDATE 06/05/2024
We are updating the article just a few hours after its publication.
After more than two weeks, and evidently following our emails and article, the official website of the Village of Elm Grove has today published a notice about the theft of PHI and PII data from their servers.
You can find the statement at the following URL:
https://www.elmgrovewi.org/DocumentCenter/View/5130/Cybersecurity-Incident—Release-060524
On May 21st, the ransomware group Medusa posted the name of Elm Grove Village in Waukesha County, Wisconsin, on their blog. With a population of just over 6,500 according to the 2020 census, Elm Grove was named the best suburb in America by Business Insider in October 2014.
The ransomware group claimed to have stolen over 150GB of data from their victim and provided proof by publishing approximately 50 images of document copies.
Screenshot and redaction by SuspectFile.com
The file tree published by Medusa lists over 187,000 documents, all of which the group plans to release on its Telegram channel in the coming days.
Among the files exfiltrated from the servers of the village in Waukesha County are numerous PHI (Protected Health Information) documents, highlighting yet again the inability of a public entity to safeguard private citizens’ health information.
The redacted data published below pertains to a request for the medical records of a citizen born in 2002 and residing in Elm Grove. The request was made in June 2023 by the Elm Grove Police Department and the Waukesha Police Department to the Froedtert & the Medical College of Wisconsin hospital center as part of an investigative inquiry.
The 186-page file (Froedtert Confidential Medical Records 1.pdf) contains the complete medical history of the woman, who was 21 years old at the time of the events. These highly sensitive documents are soon to be made public by the Medusa group, potentially exposing them to anyone in the woman’s community.
Below is an excerpt from the documentation requested by the two police departments.
Screenshot and redaction by SuspectFile.com
However, these are not the only documents containing PHI and PII data among the over 150GB of data exfiltrated by Medusa. The data also includes sensitive information about minor residents of Elm Grove Village, which SuspectFile.com has decided not to publish.
Other sensitive data is found in another document (Copy of Payroll Master 02 2024 Feb 2024.xlsx), which pertains to the payroll records of the village’s employees.
Screenshot and redaction by SuspectFile.com
Below is a list of the types of data exfiltrated from the servers and encrypted by the Medusa group affiliate:
– First and last names
– Dates of birth
– Gender
– Complete addresses
– Phone numbers
– Email addresses
– Social Security Numbers (SSNs)
– Passports
– Medical records
– Employee payrolls
– Insurance policies
– Medical insurance policies
– Administrative documents
To date, no statement regarding the data theft has been published on the official website. We therefore sent a request for comment regarding the data breach to the Village President and four Trustees of Elm Grove Village. An email was also sent to the Police Department and the Fire Department. However, despite being certain that our email was read by at least two of the recipients, we did not receive a response before the publication of this article.
We will update the article as soon as we are able to provide further details on the case.