More Health:

March 03, 2016

Almost 11,000 Main Line Health employees affected in phishing scam

No patient data released, but employees affected at four hospitals in Philly area

Privacy Hospitals
Main Line Health Lankenau Source/Mainlinehealth.org

The Lankenau Medical Center in Wynnewood, Pennsylvania, is run by Main Line Health.

The personal information of almost 11,000 employees at Bryn Mawr-based Main Line Health has been compromised because of a "spear phishing" scam, 6ABC reports.

"Spear phishing" occurs when a scammer pretending to be someone the email recipient knows asks for personal information. In this case, an employee received an email on Feb. 16 from someone pretending to be a Main Line Health executive and gave them personal information related to all employees, though not any information related to patients.

Main Line did not reveal what kind of personal information was released or what the email said. It only discovered the privacy breach after the IRS sent out a general alert about this kind of scam to human resource workers on Tuesday.

According to the IRS alert, the scam is usually directed to employees in the HR department and involves someone pretending to be the CEO of the company. The emails commonly contain requests like "kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review" or "Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?"

Main Line runs the Lankenau, Bryn Mawr, Paoli and Riddle hospitals. Read the full story here.