Cyber Incident Victim: Campbell County Health
Date: Jan 2017
Location: United States of America
Summary
A Wyoming-based healthcare organization fell victim to a phishing attack in which an impersonator posing as a hospital executive obtained sensitive employee data by email. The breach resulted in the unauthorized disclosure of approximately 1,400 employees' Social Security numbers and W-2 tax information from the prior year, compromising personally identifiable and financial details.
Description
On January 25, 2017, Campbell County Health in Wyoming experienced a data breach involving unauthorized access to employee tax and identity information. An attacker successfully impersonated a hospital executive through a phishing scheme, deceiving personnel into disclosing sensitive W-2 forms and Social Security numbers for approximately 1,400 employees who had worked at the facility during the preceding year. The compromised records included detailed payroll and tax data typically found on W-2 forms, exposing affected individuals to potential identity theft and financial fraud. The breach occurred on a Wednesday, with public disclosure following the next day through local media reports. No evidence suggested patient data or medical records were accessed during the incident. The attack mirrored contemporaneous phishing campaigns targeting educational institutions and businesses during tax season, when W-2 information holds heightened value for filing fraudulent returns.

The hospital acknowledged the unauthorized disclosure but did not specify any operational disruption or the containment measures taken after discovery. The source reporting provided no details about forensic investigations or notification procedures, but the confirmed breach placed Campbell County Health among multiple organizations compromised through similar executive impersonation tactics in early 2017. Other victims during this period included Dracut Schools, Tipton County Schools, Odessa School District, Marin Software, UGI Utilities (affecting 1,900 employees), Sunrun, Lexington School District Two in South Carolina, and Mercedes Independent School District in Texas. The incident highlighted systemic vulnerabilities to social engineering attacks targeting payroll departments, with compromised data enabling criminals to file fraudulent tax returns or commit identity theft against healthcare workers. Financial and reputational consequences for both the organization and impacted employees remained unquantified in available reporting.
