DECATUR, Texas, Feb. 13, 2020 /PRNewswire/ — Wise Health System in Decatur, TX, has started sending notifications to patients to inform them that some of their protected health information (PHI) has been exposed as a result of a phishing attack. 66,934 patients have potentially been affected.
The attack occurred on March 14, 2019. Several employees received phishing emails and some responded and disclosed their account credentials. The credentials were then used to gain access to the Employee Kiosk, where the attacker(s) attempted to reroute payroll direct deposits. Attempts were made to redirect approximately 100 direct deposit payments.
Wise Health had policies in place that require a paper check to be printed for two successive payrolls following a change to direct deposit information. The checks were printed in the payroll on April 5, 2019 and the unusually high number of checks raised the alarm, thanks to the two-check policy. A system-wide password change was immediately performed to lock out the attackers and two third-party forensic firms were hired to investigate the breach. The breach was also reported to the FBI.
The sole purpose of the attack appears to have been to reroute direct deposits, although the stolen credentials would have allowed access to be gained to employee email accounts. Those accounts contained patients’ names, medical record numbers, diagnostic information, treatment information, and health insurance information.
Wise Health System does not believe PHI was accessed by the attackers and there have been confirmed reports that patient information has been misused. Both forensics firms and the FBI share that point of view. The investigators all agreed they have never seen a direct deposit attack such as this where the attackers have stolen patient data. These gangs specialize in direct deposit fraud. The attackers in this case were traced to Africa by the FBI, which has now closed its investigation.
A data audit was completed to determine the scope and nature of the information potentially compromised, which began in June 2019 and was recently completed. Since unauthorized PHI access and data theft could not be ruled out, to ensure patients are protected, notification letters were sent on February 13, 2020, and affected patients have been offered between twelve and twenty four (12-24) months of complimentary membership to ID Experts MyIDCare service, which includes credit monitoring, identity theft recovery, and insurance coverage.
Wise Health System has reviewed its security policies and procedures and has taken numerous steps to reinforce security. Additionally, Wise Health System has established an informational line for potentially impacted individuals to call at (940) 539-3500 or (940) 627-5921 ext. 9088.
SOURCE Wise Health System