Exploit: Phishing attack
Wise Health System: Medical provider serving patients in Decatur, Texas
Risk to Small Business: 2 = Severe Risk: On March 14th, several employees fell for a phishing scam and entered their usernames and passwords on a false form. Hackers used this information to access an employee kiosk where they attempted to divert payroll deposits. IT administrators don’t believe that the hackers pursued patient data, but this information was included in the compromised accounts. Now, Wise Help System is responsible for providing a year of identity theft protection services to thousands of victims while also facing increased regulatory scrutiny because of their failure to report the incident within 60 days.
Individual Risk: 2.428 = Severe Risk: In addition to the employee account details compromised in the breach, patient data was available to hackers. This includes patients’ medical record numbers, diagnosis, treatment information, and insurance data. Therefore, patients should monitor their accounts for unusual activity while also taking advantage of the identity theft monitoring services offered by Wise Health System.
Customers Impacted: 35,899
How it Could Affect Your Customers’ Business: Phishing attacks are entirely preventable because they rely on employee ignorance and indifference to perpetuate data theft. However, with the right training, employees can be trained to spot phishing scams, effectively rendering them useless. It’s a cost-effective way to mitigate a serious risk to any company’s data security initiatives.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
