A phishing incident has compromised the personal information of 11,000 Pennsylvania Main Line Health employees. Officials said the incident occurred on Feb. 16 when an employee fell for a social engineering attack. The worker received a spoofed email from a seemingly legitimate source--bad guys ususally spoof the CEO, and that's why these attacks are called CEO Fraud--and answered back including all Main Line Health employees' W-2 information.
Main Line Health was informed of the incident Tuesday following a national alert, issued by the IRS, regarding a recent surge of the email scheme. "The safety and security of Main Line Health's employees is our priority, and we are establishing resources to provide our employees with as much support as possible during this time," said Jack Lynch, President and CEO, Main Line Health.
"We are currently conducting a review of internal policies and procedures to identify ways in which to enhance existing safeguards to help prevent incidents of this nature in the future. Identity theft and other forms of electronic fraud have become increasingly prevalent, and I want to urge our colleagues at other health care organizations as well as our regional business partners to take immediate action to educate their employees against phishing attempts," said Lynch.
Several resources have been set up for employee support, officials said, including an informational call center. Main Line Health is also providing credit monitoring services to all employees. No patient information was released or compromised, officials said. More info and video footage at http://6abc.com/1228291/
It is sad to see that these attacks continue to be successful, when effective security awareness training can stop them dead in their tracks. Find out how affordable this is for your organization and be pleasantly surprised.