
Cyber Incident Victim: Wise Health System

Date: Mar 2019

Location: United States of America

Summary

A phishing attack compromised employee email accounts at Wise Health, leading to unauthorized access to an internal payroll system in an attempt to divert direct deposits. While the attackers' primary intent appeared financial, access to employee email accounts potentially exposed patient information including medical record numbers, diagnoses, treatment details, and insurance data. The organization notified approximately 36,000 affected individuals as a precaution, despite no evidence of patient identity theft following the incident, and engaged a third-party firm to provide mitigation services.


Description

On March 14, 2019, Wise Health System experienced a cybersecurity incident when attackers executed a phishing campaign targeting employee email accounts. Several employees fell victim to the phishing attempt, disclosing their login credentials to unauthorized actors. The attackers used these compromised credentials to gain access to the organization’s Employee Kiosk system, which facilitated payroll management. Their primary objective appeared to be diverting employee payroll direct deposits, indicating a financially motivated attack. While the breach initially targeted payroll systems, the compromised email accounts contained sensitive patient information, creating secondary exposure risks. Wise Health detected the intrusion promptly but did not specify the exact timeline between credential compromise and discovery. The organization secured the affected accounts and initiated an investigation to determine the scope of unauthorized access.


The incident potentially exposed protected health information (PHI) of 35,899 patients, as reported to the U.S. Department of Health and Human Services. Exposed data included medical record numbers, diagnostic and treatment details, and insurance information stored within employee email accounts. Wise Health emphasized that no evidence suggested the attackers intentionally sought patient data, reiterating the campaign’s focus on payroll diversion. No reports of patient identity theft or misuse of PHI were identified between March 14 and the July 2019 notification date. The organization issued breach notifications to affected individuals and contracted ID Experts to provide identity protection services. Internal measures to prevent payroll fraud were implemented, though specific technical or procedural changes were not disclosed in the public notification.
