Phishing aimed at payroll direct deposits also hits patient data
Wise Health System is notifying about 36,000 patients that their health information may have been compromised after several employees were victimized by a phishing attack.
At Wise Health, a three-hospital delivery system in the Fort Worth region of Texas, intruders obtained usernames and passwords and used that information to access an employee kiosk in an attempt to divert payroll direct deposits, a relatively new tactic in the hacker arsenal.
“Although we do not believe it was the intent of the phishing emails to obtain patient information, access to the email boxes may have compromised your patient information such as your medical record number, diagnostic and treatment information and potentially insurance information,” the organization told patients in a notification letter.
“We believe the purpose of this campaign was to divert payroll deposits. Wise Health has not received any reports of patient identity theft since the date of the phishing incident on March 14 to the present.”
After the breach, the organization altered its security policies and procedures, engaged forensics professionals to investigate the crime and identify potentially compromised patients, and it also apologized to patients.
Wise Health has hired credit firm ID experts to provide a suite of services to patients that include a year of credit protection and cyber scan monitoring, a $1 million insurance reimbursement policy and identity theft recovery services.
Additional information on the incident was not immediately available.