On March 18, attorneys for Summit Health, Inc. in Pennsylvania notified the Maryland Attorney General’s Office that on February 19, the hospital had learned that some of its employees had fallen for a phishing attempt.
As a result of the successful phishing, employees’ information in the Lawson Employee Self-Service System, used to access payroll and benefits information, may have been accessed by unauthorized individuals. Included in that system was employees’ W-2 tax information, including income and Social Security numbers. Dependents’ information might also have been accessed.
Those employees who were affected were offered a year of credit monitoring with Experian.
The total number potentially impacted was not disclosed, but this seems to be another instance of healthcare entities being targeted by phishing attempts. In this case, it was employee information that was potentially compromised and not any patient information, but the problem is the same.