Wise Health System is notifying almost 35,899 patients that it suffered a phishing attack compromising employees’ email account.
The company found that they experienced a phishing campaign where-in employees fell victim by providing their username and passwords.The credentials that were obtained and the attackers gained access to the Employee Kiosk in order to divert payroll direct deposits. Although the company noted it experienced phishing campaign on March 16,2019, and as per the details all stored data about patient and medical information, might have got exposed.The information that got exposed through compromised employee email accounts included medical record number, diagnosis, treatment information and insurance information.
“Again, we believe the purpose of this campaign was to divert payroll direct deposits rather than to obtain patient information. However, we felt it would be prudent to make you aware of this incident. Wise Health System has not received any reports of patient identity theft since the date of the phishing incident,” Wise Health System said in a security notice.
The company upon learning about the phishing attack reported the matter to law enforcement authorities and hired forensic experts to investigate the incident. And took the necessary steps to review and update its security policies in place, in order to avoid such incidents from happening in the future. Further, it is providing 12 months of free identity theft monitoring services and a $1,000,000 insurance reimbursement policy for all potentially impacted patients.
(Image Courtesy: www.cybersecurity-review.com)