Cyber Incident Victim: Interactive Medical Systems

Interactive Medical Systems (IMS), Wake County’s former flexible benefit spending accounts administrator, experienced a data security breach between July 19, 2019, and December 31, 2019. The breach was discovered by IMS on December 31, 2019, and stemmed from a phishing attack targeting an IMS employee. This unauthorized access exposed the personal information of 1,900 Wake County Government employees. For the majority of affected individuals, the compromised data included names, dates of service, and partial social security numbers. A smaller subset had more sensitive details exposed, including names, addresses, and full social security numbers. IMS formally notified Wake County of the incident via a letter dated January 29, 2020. Wake County’s Chief Information and Innovation Officer, Bill Greeves, clarified that the breach did not involve county systems or employee actions, emphasizing the incident was confined to IMS’s infrastructure.

IMS initiated notification procedures by mailing letters via first-class mail to all affected employees, detailing the breach’s scope and protective measures available to them. The company established a dedicated hotline for impacted individuals to address questions and concerns. For the subgroup whose full social security numbers were exposed, IMS offered one year of complimentary credit monitoring services. To prevent recurrence, IMS implemented security upgrades including enhanced system protections, stricter password policies, and expanded employee security training. No personal data belonging to other Wake County employees or residents was compromised in the incident. The breach’s impact was limited to former IMS clients within Wake County’s employee cohort, with no evidence of broader exploitation beyond the disclosed timeframe.