ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

Hospital’s fate warns of tax season scams

Tax season scams are underway.  On January 25, it was discovered that the tax information of 1,457 hospital employees had fallen into a scammer’s hands in one of the latest W-2 business email compromise attacks. The Gillette, WY-based healthcare system reported that an employee had responded to an email request for the W-2 form data of hospital employees.

According to a statement by Campbell County Health (CCH) CEO Andy Fitzgerald, “Currently, it appears that an unauthorized individual, impersonating a CCH executive, contacted an employee requesting W-2 information for all of our employees who had taxable earnings in calendar year 2016. Unfortunately, before it was determined that the request was fraudulent, the employee provided these files. No protected health information for our employees or our patients was released in this incident.”

The information delivered did include social security numbers for CCH employees, who have all been notified and are being offered identity protection services. “We take this matter and the security of personal information very seriously at CCH, and we will continue to review and enhance our security practices to further secure our systems,” said Andy Fitzgerald.

Tax season is a popular time for business email compromise attacks and other tax-related scams. Last year, the Internal Revenue Service issued an alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents in the first quarter of 2016 alone. Based on the Wyoming hospital’s unfortunate experience, it appears scammers are not going to take this tax season off. 

To help minimize the threat that this type of targeted email phishing presents, PrivaPlan’s President David Ginsberg recommends the following activities:

1) Remind your financial team and key managers to be on the lookout for suspicious emails.

2) Train staff on how to spot a phishing email, such as hovering over a link until the URL appears.

To find out how the HIPAA experts at PrivaPlan can assist you with phishing testing, and the many other services we provide, contact us at info@privaplan.com or call 877-218-7707.

PrivaPlan Associates, Inc. is the authority in HIPAA Privacy and Security Rule Compliance. Offering in a wide array of products and services including guidance on: HIPAA Privacy and HIPAA Security, HIPAA Training, Meaningful Use Consultation, Security Risk Assessments and much more.

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.