Analecta Cyber Company Blog: W2s stolen from California hospital in phishing scam

2016-06-13

An email phishing scam affected more than 2,000 employees at Saint Agnes Medical Center. Kelley Sanchez, the hospital’s spokeswoman, said that the information obtained by the scammers came from the W2s of individuals who worked at the hospital in 2015. The W2 form, a federal tax document, includes the employee's name, Social Security number, salary details, and home address. The hospital believes that patient data remained secure and that health IT systems were not compromised.

As part of the incident response, the hospital contacted the FBI and has offered the affected employees one year of identity theft protection and credit monitoring.



A phishing email of this kind is made to look like a legitimate message circulated within the organization. These messages can be sent from a spoofed account or from the compromised email account of a top executive. Some spoofs use a domain that is nearly identical to the original domain, making it extremely difficult for employees to tell that the email comes from a false source.
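The near-identical-domain case described above is one a mail gateway or triage script can check mechanically. The following is an added example, not part of the original post: the domain `examplehospital.org`, the sample headers, and the function names are all constructed for illustration.

```python
from email.utils import parseaddr

# Constructed placeholder for the organization's real mail domain(s).
TRUSTED = {"examplehospital.org"}

# Character sequences that are easily misread for one another,
# collapsed to a single canonical form before comparison.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))

def skeleton(domain):
    """Normalize a domain so visually confusable spellings compare equal."""
    s = domain.lower().rstrip(".")
    for seen, canonical in CONFUSABLES:
        s = s.replace(seen, canonical)
    return s

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike' or 'other' for a From header value."""
    domain = parseaddr(from_header)[1].rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for t in trusted:
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_distance:
            return "lookalike"
    return "other"

def flag_lookalikes(from_headers):
    """Return the headers whose sender domain imitates a trusted domain."""
    return [h for h in from_headers if classify_sender(h) == "lookalike"]

if __name__ == "__main__":
    # Constructed sample From headers.
    sample = ["CEO <ceo@examplehospital.org>", "CEO <ceo@examplehospita1.org>",
              "CEO <ceo@exarnplehospital.org>", "News <news@vendor-example.net>"]
    for header in sample:
        print(classify_sender(header), header)
```

This check only covers near-identical domains; a message that forges the exact trusted domain is a matter for SPF, DKIM and DMARC enforcement, and one sent from a genuinely compromised account passes both checks.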

Other healthcare organizations have also been hit by phishing attacks in 2016. Main Line Health, York Hospital, Magnolia Health Corporation, eClinicalWorks and CareCentrix have also been targeted in attacks that compromised corporate mail systems.