WISTV reports:
The employee database of the Lexington Medical Center is the latest victim of a cyberattack.
In a statement released by the hospital, the breach was discovered Friday morning. The breach showed that there has been unauthorized access to the employee information database, called eConnect/Peoplesoft. Medical center officials learned about the breach this week and told employees as quickly as possible.
Here’s the medical center’s statement:
Lexington Medical Center has learned that there has been unauthorized access into our employee information database, known as eConnect/Peoplesoft. Because the privacy of our employees’ information is very important to us, we wanted to let them know about this situation as soon as possible.
This database contains personally identifiable information on current and former employees including names, Social Security numbers and W-2 forms. Importantly, the database does not contain any patient information.
When Lexington Medical Center discovered this situation, we immediately eliminated further unauthorized access, promptly began an investigation and engaged several national cybersecurity professionals to assist us. We also contacted federal and state law enforcement officials.
Lexington Medical Center is committed to safeguarding our employees’ information and has dedicated resources to helping them resolve any issues related to this situation.
In addition to offering current and former employees free credit monitoring and identity theft protection services, Lexington Medical Center is establishing a dedicated, confidential call center for identify theft professionals to help answer any questions or concerns. The hospital has also provided information to employees on how they can help protect their identities and prevent fraudulent tax returns from being filed in their names.
So it doesn’t sound like a W-2 phishing scheme, but it’s not clear from the little they’ve said whether this was a hack that used an employee’s compromised credentials or an inside job, or….