WHEELING, W.Va. (WTRF) — Wheeling Health Right announced in a press release on March 18 that the organization was victimized by a highly-sophisticated cyber attack that resulted in unauthorized access to certain types of personal information, including protected health information, relating to patients who applied for or received services from WHR.

WHR discovered the attack on January 18, 2022. In an investigation into the attack, they determined that an unauthorized cybercriminal may have accessed certain information stored in the organization’s system.

According to the press release, the type of information that may have been accessed includes full name, postal address, email address, phone number, driver’s license number, medical record number, Social Security number. tax information, income information, and other health information about patients who applied for or received services from WHR, however, WHR is unaware of any actual or attempted misuse of information as a result of the attack.

WHR is taking steps to further safeguard patient information by retaining a data breach remediation firm to help investigate the scope of the cyberattack, leveraging its information technology service provider to decrypt, recover, and rebuild the organization’s systems, initiating a password reset for all system end users, implementing multi-factor authentication for employee email accounts, and installing endpoint detection and response software.

WHR recommends that affected individuals remain vigilant over the next twelve to twenty-four months by reviewing account statements and monitoring their credit report for unauthorized activity, especially activity that may indicate fraud and identity theft.