Wise Health System is notifying almost 35,899 patients that it suffered a phishing attack compromising employees’ email account, which might have exposed patients’ medical information.
The healthcare provider noted that they experienced a phishing campaign on March 14, 2019, and some of their employees fell victim to the phishing attack by providing their usernames and passwords. Using the credentials obtained from employees, the attackers gained access to the Employee Kiosk in order to divert payroll direct deposits.
Although the intent of the phishing campaign is to divert payroll direct deposits, the compromised email accounts that stored patient information might have been accessed.
What information was involved?
The compromised employee email accounts included patients’ medical record number, diagnosis and treatment information, and insurance information.
“Again, we believe the purpose of this campaign was to divert payroll direct deposits rather than to obtain patient information. However, we felt it would be prudent to make you aware of this incident. Wise Health System has not received any reports of patient identity theft since the date of the phishing incident,” Wise Health System said in a security notice, Databreaches.net reported.
What was the response?