Decatur, Texas – July 1, 2019 – Wise Health System has been investigating a data security incident involving a phishing attack that may have resulted in the disclosure of the personal information of some of its patients. Wise Health is notifying potentially affected patients and providing these patients with services and resources on how to further protect themselves.
On March 14, 2019, an email phishing campaign was launched against Wise Health System. Unfortunately, a few of Wise Health System’s employees provided their usernames and passwords in response to this phishing email. Once these usernames and passwords were obtained, the intruders used the information to access the Employee Kiosk in an attempt to divert payroll direct deposits. Although we do not believe that it was the intent of the phishing emails to obtain patient information, access to the email boxes may have compromised your patient information such as your medical record number, diagnostic and treatment information, and potentially insurance information. Again, we believe the purpose of this campaign was to divert payroll direct deposits rather than to obtain patient information. However, we felt it would be prudent to make you aware of this incident. Wise Health System has not received any reports of patient identity theft since the date of the phishing incident (March 14, 2019 to present).
Wise Health System values and respects its patients’ privacy, which is why notification letters regarding this incident were mailed and included information about the incident.
Wise Health System sincerely regrets any concern or inconvenience that this matter may cause its patients, and remains dedicated to protecting patients’ personal information.