By HFT Staff

On April 20, 2023, Atrium Health Wake Forest Baptist learned that an unauthorized third party gained access to an employee’s email account on that same day through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The malicious email misleads the recipient to share or provide access to their account login information. 

They immediately began an investigation, took the necessary steps to secure the affected account and confirmed the unauthorized third party had no further access. Wake Forest Baptist also engaged a computer forensic firm to assist them with their investigation and notified law enforcement. Based on their findings, it appears the unauthorized third party had access to the affected account for a short time between April 18, 2023 – April 20, 2023. The forensic examination indicated the activity of the unauthorized third party was not focused on email content pertaining to medical or health information.  

Unfortunately, it was not possible to conclusively determine whether the unauthorized third party actually viewed any emails or attachments in the account. As a result, they conducted a review of the account to determine what information may have been accessible to the unauthorized third party. The information involved varied by individual, but generally included names, dates of birth, hospital account record numbers, health insurance information, treatment cost information, and/or clinical information, such as dates of service, provider names or locations of service. In some instances, patients' Social Security numbers were also identified in the account.  

Not all of Wake Forest Baptist’s patients were impacted, only those whose information happened to be in the files used by the employee’s account. Additionally, their electronic medical record systems are separate from their email accounts and were not affected by this incident.  

They have no indication that anyone’s information was actually viewed by the unauthorized third party or that it has been misused. However, as a precaution, they are mailing notification letters to individuals whose information was identified through their review and for whom they have sufficient contact information. The notification letters include a Reference Guide that provides additional information on general steps individuals can take to monitor and protect their personal information. Although Wake Forest Baptist are unaware of any actual or attempted misuse of patient information as a result of this incident, they encourage affected patients to carefully review their credit reports and similar types of documents that might indicate questionable activity. For those whose Social Security numbers were identified in the account, they are offering complimentary credit monitoring and identity protection services.