Email phishing attack at the Wise Health System impacts PHI of patients.

This July, the Washington-based Wise Health System (WHS) notified nearly 36,000 patients of email phishing attacks that affected their protected health information (PHI). The affected information includes medical record numbers, diagnostic and treatment data, and insurance information. 

On March 14, 2019, employees at WHS responded to phishing emails by entering their usernames and passwords. The objective of this attack was to redirect payroll deposits to the attacker's account. Fortunately, their payroll system follows the procedure of printing a paper check for two successive pay periods following a change to deposit information. Since there were an unusually high number of checks to be printed the following month, it got the attention of the payroll team. 

Even though the attacker targeted the payroll system, the affected members were notified about the breach, since the compromised email accounts contained patient information. WHS is offering free identity theft protection services to affected customers for a year. It also hired a third-party forensics expert to update its security protocols. The breach has been to reported to the local law enforcement and the U.S. Department of Health and Human Services (HHS).

Attackers use techniques like phishing, brute force, and credential stuffing attacks to gain access to email accounts. A smart tool like Exchange Reporter Plus enables organizations to stay ahead of attackers by monitoring for and thwarting email-bound cybersecurity threats. Download a free, 60-day trial of Exchange Reporter Plus today.