Atrium Health Wake Forest Baptist Hit by Cyberattack

The attack was conducted through a phishing email.

By HFT Staff


On April 20, 2023, Atrium Health Wake Forest Baptist learned that an unauthorized third party gained access to an employee’s email account on that same day through phishing. “Phishing” occurs when an email is sent that looks like it is from a trustworthy source, but it is not. The malicious email misleads the recipient to share or provide access to their account login information. 

They immediately began an investigation, took the necessary steps to secure the affected account and confirmed the unauthorized third party had no further access. Wake Forest Baptist also engaged a computer forensic firm to assist them with their investigation and notified law enforcement. Based on their findings, it appears the unauthorized third party had access to the affected account for a short time between April 18, 2023 – April 20, 2023. The forensic examination indicated the activity of the unauthorized third party was not focused on email content pertaining to medical or health information.  

Unfortunately, it was not possible to conclusively determine whether the unauthorized third party actually viewed any emails or attachments in the account. As a result, they conducted a review of the account to determine what information may have been accessible to the unauthorized third party. The information involved varied by individual, but generally included names, dates of birth, hospital account record numbers, health insurance information, treatment cost information, and/or clinical information, such as dates of service, provider names or locations of service. In some instances, patients' Social Security numbers were also identified in the account.  

Not all of Wake Forest Baptist’s patients were impacted, only those whose information happened to be in the files used by the employee’s account. Additionally, their electronic medical record systems are separate from their email accounts and were not affected by this incident.  

They have no indication that anyone’s information was actually viewed by the unauthorized third party or that it has been misused. However, as a precaution, they are mailing notification letters to individuals whose information was identified through their review and for whom they have sufficient contact information. The notification letters include a Reference Guide that provides additional information on general steps individuals can take to monitor and protect their personal information. Although Wake Forest Baptist are unaware of any actual or attempted misuse of patient information as a result of this incident, they encourage affected patients to carefully review their credit reports and similar types of documents that might indicate questionable activity. For those whose Social Security numbers were identified in the account, they are offering complimentary credit monitoring and identity protection services. 



July 17, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Disinfectant Dispensers in Healthcare Facilities Often Fail to Deliver Safe Concentrations: Study

Study of 10 hospitals finds 90 percent have at least one dispenser delivering disinfectants at incorrect concentrations.


Duke University Health System Receives $50 Million for Proton Beam Therapy Center

The donation is the largest philanthropic gift received by Duke University Health System.


UT Southwestern Experiences Data Breach Through Calendar Tool

The incident occurred in October.


Protecting Patient Data: Strategies and Tactics

As cyber threats and breaches grow, healthcare organizations and facilities need a better approach to cybersecurity.


Duke Health to Acquire Lake Norman Regional Medical Center

The closing is projected for the first quarter of 2025.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.