Manitowoc County Phishing Attack Resulted in PHI Theft

Manitowoc County in Wisconsin fell victim to a phishing attack resulting in the theft of protected health information (PHI). The phishing incident happened on or close to January 14, 2018, but Manitowoc County only discovered the data breach on April 24.

The individual behind the attack had set up a redirect on the email account and all messages sent to the account were directed to another email account, which is not accessible to Manitowoc County staff. While PHI has been obtained by an unauthorized individual, no reports have been received to suggest any PHI has been misused.

The stolen information includes names, phone numbers, addresses, email addresses and birth dates, health data, insurance details, medications, diagnoses, treatment related data and client ID numbers. Manitowoc County has sent notification letters to the individuals affected by the phishing attack.

Manitowoc County has warned breach victims of the risk of phishing emails claiming to be from Manitowoc County. County officials stated they will not ask patients to provide personal information via email or telephone about this incident. Individuals impacted by this attack have also been told to be wary of any email containing attachments and hyperlinks and to be alert to the risk of phishing and that they should not disclose sensitive information to anyone over the phone.

Manitowoc County has now taken further steps to improve its security controls and new protocols have been developed to reduce the potential for further successful phishing attacks. Employee training will also be enhanced to raise awareness of the risk of phishing.

Manitowoc County had not disclosed to the public how many individuals were impacted by the incident and the data breach is not yet listed on the breach portal of the Department of Health and Human Services’ Office for Civil Rights.

HIPAA
Compliance
Checklist

Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

 

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/