[BreachExchange] Texas health system alerts 66, 000 patients of phishing scheme

[Destry Winant]

https://www.beckershospitalreview.com/cybersecurity/texas-health-system-alerts-66-000-patients-of-phishing-scheme.html

Decatur, Texas-based Wise Health System began notifying 66,934
patients that their protected health information may have been exposed
in a phishing attack, according to a Feb. 13 news release.

On March 14, 2019, several employees at Wise Health System fell victim
to a phishing email. In the email, hackers asked employees to disclose
their account credentials. After employees provided the information,
the hackers attempted to reroute payroll direct deposits.

Wise Health System estimates that the hackers attempted to redirect
around 100 direct deposit payments. However, the health system has a
policy requiring a paper check be printed for two successive payrolls
after a change to direct deposit information, which helped them
discover the security breach.

In April, Wise Health System officials were suspicious about an
unusually high number of printed checks. The health system issued a
system-wide password change and hired a third-party forensic team to
investigate.

Upon investigation, Wise Health System believes that the hackers were
only trying to reroute direct deposits. However, since the attackers
gained access to employees' email accounts, Wise Health System is
notifying patients whose information was stored in the email accounts.

Patient data that may have been exposed included names, medical record
numbers, diagnostic information, treatment information and health
insurance information. Wise Health System said there is no evidence
that patient data has been misused or even viewed.