From the notice on their website:
Notice Regarding Recent Data Breach
What Happened?
On January 18, 2022, Wheeling Health Right discovered that our organization was victimized by a ransomware attack that encrypted our systems. Upon discovery of the security incident, we engaged legal counsel and a data breach remediation firm to conduct an investigation into the scope of the security incident. Although we are unaware of any actual or attempted misuse of information as a result of this security incident, we are providing notice because our investigation determined that an unauthorized third-party may have had access to certain patient information.
What Information Was Involved?
The type of information that may have been accessed includes: full name, postal address, email address, phone number, driver’s license number, medical record number, Social Security number, tax information, income information, and other health information about patients who applied for or received services from Wheeling Health Right.
What We Are Doing
Following discovery of the security incident, we immediately initiated remedial security measures to further safeguard patient information. These measures included, among others, retaining a data breach remediation firm to help investigate the scope of the security incident, leveraging our information technology service provider to decrypt, recover, and rebuild our systems, initiating a password reset for all system end users, implementing multi-factor authentication for employee email accounts, and installing endpoint detection and response software, among various other measures.
We are also taking steps to implement additional safeguards, review policies and procedures relating to data privacy and security, and enhance employee cybersecurity training in order to protect against similar incidents in the future. In addition, we have notified regulators of the event as required as well, including the U.S. Department of Health and Human Services and applicable state regulators.
Read more of the notice at Wheeling Health Right. Although they report having notified regulators, their report has not yet shown up on HHS’s public breach tool. This post will be updated when it does. The incident has also not yet shown up on any ransomware leak site checked routinely by DataBreaches.net.