Summit Health, Inc. reported to the Maryland Office of the Attorney General that some of its employees had fallen victim to an email phishing scheme when they responded to the fake emails, believing them to have been legitimate.
“Summit’s investigation determined that responding to the phishing emails may have created an opportunity for unauthorized access to information contained in its self-service system, which is used for employee access to payroll and benefits information,” the letter stated.
The affected information includes employees W-2 wage and tax statements, which contained names, addresses, Social Security numbers, and income information. Data about employees’ spouses, dependents, and beneficiaries – such as names and Social Security numbers – may also have been compromised.
According to the reports, Summit is notifying five Maryland residents, and that they will be eligible for a free year of credit monitoring and identity protection services.
“Summit has also taken steps to help prevent something like this from happening in the future, including reinforcing employee education regarding ‘phishing’ emails and enhancing technical safeguards to ensure that sensitive information remains secure,” Summit said in its letter.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.