Saint Agnes Medical Center said it was the victim of an email phishing attack on May 2 that affected 2,800 employees.
The scammers obtained information from the W-2s of all individuals employed by the hospital during the 2015 calendar year, spokeswoman Kelley Sanchez said. The hospital’s systems weren’t compromised and all patient information remains secure.
The hospital responded to the phishing attack by informing the FBI and offering a free one-year membership to Experian’s ProtectMyID Elite to affected employees, Sanchez said. The service monitors all three credit-monitoring bureaus, providing up to $1 million in reimbursement for fraudulent charges and provides identity restoration services should a member be victimized by identity theft or fraud.
Saint Agnes President and CEO Nancy Hollingsworth said in a statement that phishing attacks like the one that targeted the hospital are on the rise nationwide and pose a threat to everyone.
“It’s more important than ever for individuals and businesses – to seek out information and education about the issue of security so we can protect ourselves from becoming victims. We deeply regret that our colleagues have been affected by this unfortunate incident, but hope that sharing our story will help to bring greater awareness to our community.”