X logo

Today's breaking news and more in your inbox.

I'm interested in (please check all that apply)

You may opt-out anytime by clicking "unsubscribe" from the newsletter or from your account.

Wheeling Health Right Victim Of Cyberattack

Wheeling Health Right

WHEELING – Wheeling Health Right is asking its clients to keep an eye on their credit reports, announcing Friday that the health care facility was the victim of what it called a “highly sophisticated cyberattack.”

That attack, Health Right said, resulted in unauthorized access to personal information, including protected health information, relating to patients who applied for or received services from Health Right. The attack, the organization said, happened in January.

“While I am grateful that we are able to once again provide needed services across the Ohio Valley after being shut down by the cyberattack, I am extremely sorry for what happened,” Health Right Executive Director Kathie Brown said in a news release. “On behalf of everyone in our agency, I sincerely apologize for the understandable worry this incident must be causing those who may have been affected and we are dedicated to making it right.”

Health Right discovered the attack Jan. 18, then worked with legal counsel and a data breach remediation firm to figure out the attack’s scope. The investigation found an unauthorized cybercriminal may have accessed certain information stored in Health Right’s systems, but the organization was unaware of any actual or attempted misuse of the information following the attack.

Information possibly accessed included full names, postal addresses, email addresses, phone numbers, driver’s license numbers, medical record numbers, Social Security numbers, tax information, income information, and other health information about patients who applied for or received services from Health Right.

On top of working with the data breach remediation firm, Health Right also had its information technology service provider decrypt, recover, and rebuild the organization’s systems, initiated a password reset for all system end users, implemented multi-factor authentication for employee email accounts and installed endpoint detection and response software.

The organization is taking future steps to protect information, including enhancing employee cybersecurity training and notifying regulators, including the U.S. Department of Health and Human Services and other applicable state regulators, about the attack.

Health Right is working with a third party to provide identity monitoring services to affected individuals free for the next 12 months, and has established a call center to respond to any questions those affected may have about the cyberattack or about their identity monitoring services. WHR otherwise recommends those people remain vigilant over the next 12 to 24 months by reviewing account statements and monitoring credit reports for unauthorized activity.

Anyone who believes their personal information may have been affected by this attack should call (855) 541-3589, toll-free, Monday through Friday from 9 a.m. to 6:30 p.m., to ask questions or learn additional information.


Today's breaking news and more in your inbox

I'm interested in (please check all that apply)
Are you a paying subscriber to the newspaper? *

Starting at $4.73/week.

Subscribe Today