Wyoming hospital hit by phishing attack
Wyoming Medical Center in Casper will notify 3,184 patients after two employees were fooled by phishing emails that enabled an intruder access to some protected health information.
The incidents in February affected two “organizational” email accounts containing information about hospital purchases as well as information on patients who being kept in isolation for precautionary reasons, a hospital statement said.
Phishing attacks aim to fool employees into disclosing network credentials, typically to resolve an apparent problem. Typically, employees are fooled by what appear to be urgent and legitimate emails or phone calls.
However, hospitals officials said that while the unauthorized party had access to the data for 15 minutes, they do not believe it was accessed and “at no time was there any unauthorized access to Wyoming Medical Center’s electronic medical record systems.”
Also See: 10 steps to reduce your ransomware risks
Data that could have been compromised included patient names, medical records numbers, account numbers, dates of service, dates of birth and limited medical information.
Patient addresses, Social Security numbers and insurance information were not accessible in the breach, and for that reason, the hospital is not offering credit or identity theft protection services to affected individuals. Instead, the provider is encouraging them to have a fraud alert placed on their credit files.
“Because of the limited information contained within the compromised email accounts, there is little to no risk to patients who may have been affected,” according to the hospital statement. A spokesperson for the hospital did not respond to a request for additional information.