Cyber Incident Victim: Wellstar Health System

Wellstar Health System experienced a data security incident involving unauthorized access to two employee email accounts. The organization detected unusual activity on February 7, 2022, through its security monitoring systems. Subsequent investigation determined that an unauthorized party had gained access to one or more accounts during a period spanning from December 6, 2021, to January 3, 2022. Upon discovery, Wellstar immediately disabled access to the compromised accounts and implemented mandatory password resets across affected systems. The breached email accounts contained various types of patient information including names, medical record numbers, laboratory information, and internal Wellstar account numbers. Notably, the investigation confirmed that Social Security numbers remained unaffected by this incident.

In response to the breach, Wellstar implemented enhanced technical safeguards on its email systems to reduce future risks. The organization conducted additional employee training programs focused on recognizing malicious email threats and improving security awareness. While no evidence suggested misuse of the accessed information, Wellstar notified affected patients about the potential exposure of their data and advised vigilance regarding identity protection. The health system's public disclosure emphasized ongoing efforts to strengthen security protocols without specifying the number of impacted individuals or providing details about the attacker's identity or methodology.