Cyber Incident Victim: Wayne County Hospital
Date: Apr 2021
Location: United States of America
Summary
Wayne County Hospital experienced a cybersecurity incident involving unauthorized access to employee email accounts following a phishing attack, potentially exposing sensitive patient information. The compromised data included names, Social Security numbers, financial account details, and medical records of over 2,000 individuals. After detecting the breach, the organization secured its network, initiated an investigation with external cybersecurity experts, and implemented measures to prevent future occurrences while working to determine the root cause of the intrusion.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 22, 2021, Wayne County Hospital in Corydon, Iowa, discovered it had fallen victim to a phishing attack targeting employee email accounts. The hospital immediately initiated security measures to protect its network and engaged a third-party cybersecurity firm to conduct a forensic investigation. The investigation confirmed unauthorized actors had successfully compromised certain employee email accounts during the breach. While the exact duration of unauthorized access wasn't publicly disclosed, the hospital's prompt containment actions aimed to limit further exposure. No evidence suggested the attackers specifically targeted patient data during the intrusion, though the compromised accounts contained sensitive information.

The hospital concluded its investigation by July 30, 2021, determining that 2,016 patients had their personal and medical information exposed in the breach. Exposed data included patient names, Social Security numbers, financial account details, and medical-related information stored within the affected email accounts. Wayne County Hospital began notifying all impacted individuals following the investigation's completion, though specific notification methods weren't detailed in public reports. The hospital publicly acknowledged working to identify how the phishing breach occurred while implementing undisclosed preventive measures to avoid recurrence. No ransomware deployment, data theft demands, or operational disruptions beyond the email compromise were reported in connection with the incident.
