Manitowoc County Phishing Attack Results in PHI Thievery

July 13, 2018

 

Manitowoc County in Wisconsin has disclosed that protected health information has been unlawfully obtained because of a successful phishing attack. The occurrence happened almost January 14, 2018, even though the attack and data breach was not known until April 24. Although the account was swiftly protected to halt any more access, the hacker had well over two months to see and copy confidential data saved in the electronic mail account.

Throughout the time period that the hacker had electronic mail account access, electronic mails transmitted to that account were re-routed to a different electronic mail account to which Manitowoc County workforce had no access. Although County officers have not found any evidence to show any of the information in the electronic mails has been abused, they have similarly not been able to get rid of the abuse or sale of that confidential data.

The type of information that was gotten contain names, electronic mail addresses, telephone numbers, addresses, and birth date details. People who received facilities via the County have also had their health information, client ID details, details of prescriptions, insurance information, diagnoses and other medication connected information obtained by the hacker.

Manitowoc County has not issued information on the number of people who have been impacted and the occurrence has yet to be listed on the Division of Health and Human Services’ Office for Civil Rights (OCR) breach portal. Nevertheless, Manitowoc County has now issued warnings to all people affected by the phishing attack.

Breach sufferers have been instructed that they must be prepared to phishing electronic mails that claim to be from Manitowoc County. County officers have said that that they will not transmit any electronic mails or make calls to people affected by this occurrence or ask for more private information. People affected by the breach have also been advised to be cautious of any electronic mails including hyperlinks, to exercise caution opening any electronic mails, and not to unveil confidential information to people over the phone.

The phishing attack has led to the County to take extra measures to improve safety controls and additional investments will be made in new procedures, technology, and training to halt more successful phishing attacks from taking place.