Wheeling Health Right, Inc. (“WHR “) announced today that the organization was victimized by a highly-sophisticated cyberattack that resulted in unauthorized access to certain types of personal information, including protected health information, relating to patients who applied for or received services from WHR .
“While I am grateful that we are able to once again provide needed services across the Ohio Valley after being shut down by the cyberattack, I am extremely sorry for what happened,” said Kathie Brown, Executive Director. “On behalf of everyone in our agency, I sincerely apologize for the understandable worry this incident must be causing those who may have been affected and we are dedicated to making it right.”
What Happened?
On January 18, 2022, WHR discovered that the organization was the victim of a cyberattack that encrypted its systems. Upon discovery of the attack, WHR engaged legal counsel and a data breach remediation firm to conduct a thorough investigation into the scope of the illicit attack. The investigation determined that an unauthorized cybercriminal may have accessed certain information stored in the organization’s systems, however, WHR is unaware of any actual or attempted misuse of the information as a result of the attack.
Also Read: Four Ways Organizations can Address Cloud Security Risks
What Information Was Involved?
The type of information that may have been accessed includes: full name, postal address, email address, phone number, driver’s license number, medical record number, Social Security number, tax information, income information, and other health information about patients who applied for or received services from WHR.
What is WHR Doing?
Following discovery of the cyberattack, WHR immediately initiated remedial security measures to further safeguard patient information. These measures included, among others, retaining a data breach remediation firm to help investigate the scope of the cyberattack, leveraging its information technology service provider to decrypt, recover, and rebuild the organization’s systems, initiating a password reset for all system end users, implementing multi-factor authentication for employee email accounts, and installing endpoint detection and response software.
WHR is also taking steps to implement additional safeguards, review policies and procedures relating to data privacy and security, and enhance employee cybersecurity training in order to protect against similar attacks in the future. In addition, WHR will be notifying regulators, including the U.S. Department of Health and Human Services and other applicable state regulators, about the attack.
What Can Individuals Do?
WHR has engaged a third party to provide identity monitoring services to the affected individuals at no cost for twelve months. WHR has also established a call center to respond to any questions affected individuals may have about the cyberattack or about their identity monitoring services. WHR otherwise recommends that affected individuals remain vigilant over the next twelve to twenty-four months by reviewing account statements and monitoring their credit report for unauthorized activity, especially activity that may indicate fraud and identity theft.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.