Adventist Health Tehachapi Valley is investigating a “phishing” scam that could impact about 250 employees.
“A 'phishing' scam has led to the release of private Tehachapi Valley Healthcare District information,” said Teresa Adamo, marketing director for AHTV.
She originally said "approximately 513 current and past employees," could be impacted, but later revised the estimate downward.
According to Adamo, a person posing as a legitimate employee made the request for the information via email. The “phishing" scam led to the attacker receiving Social Security numbers and W-2 forms. She also said there was no actual break-in or hacking of any computer systems, and no patient information was obtained.
“However, one case of tax fraud has been confirmed as a result of this breach,” she said. “The Internal Revenue Service has just recently issued a warning about similar scams.”
Some of the employees impacted by the breach were said to be former employees of the Tehachapi Valley Healthcare District. Although now a separate entity, CEO Eugene Suksi of the TVHD said the TVHD has its own IT systems.
“The TVHD did not breach employee confidentiality and our standalone IT network remains secure,” he said. “Unfortunately, there was a breach by an AHTV employee that does affect current and former TVHD employees, including me. I was made aware of the breach last week and am waiting for follow-up details from Adventist Health just like all the others who were affected. I am not happy that my personal information was disclosed but I also know it was not intentional.”
Adamo said AHTV has notified all impacted individuals and offered them free credit monitoring services for the next 12 months.
“Fortunately, as AHTV employees are moved over to the Adventist Health technology infrastructure, the more robust level of protections will provide much stronger protection against these types of scams and hackers.” she said. “As always, our staff’s privacy and security remain our highest priority. We will continue to review this important security issue and provide additional follow-up information to employees as it becomes available.”