Phishing attack breaches Wisconsin county residents' PHI for 3 months

Manitowoc County in Wisconsin recently notified an undisclosed number of residents about a breach the agency discovered in April that may have left their protected health information exposed for up to three months.

In January, an unauthorized third-party gained access to a Manitowoc County employee email account, the agency wrote in a June 22 statement. The third-party directed messages sent to the Manitowoc County account to a separate email address not operated by the agency. Some emails included the PHI of individuals the county had provided services to, including names, insurance data and treatment information.

Manitowoc County wrote the employee email account was "most likely" comprised through a phishing attack.

Manitowoc County learned of the incident April 24, at which point the agency's information systems department secured IT systems so the unauthorized third-party could no longer access the employee email account. The agency said it is not aware of any misuse of PHI exposed in the breach.

"Manitowoc County is … assessing further options to enhance our controls and make additional investments in protocols, technology and training to make sure a similar issue does not occur in the future," Manitowoc County wrote in the June 22 statement.

Manitowoc County stressed it sent notices to affected individuals earlier this year, but delivered the additional notice June 22 to those who the agency did not have updated contact information for.

More articles on cybersecurity:
3 major HIPAA fines so far in 2018
AHA: FDA must solidify guidance on legacy devices to strengthen cybersecurity
Report: New scam demands ransom payment — but does not deploy ransomware

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers