Lexington Medical Center reports unauthorized access to employee data
Employee information at Lexington Medical Center has been breached. Jennifer Wilson, LMC’s public relations director confirmed that unauthorized access into employee- not patient- records has been gained, Friday morning.
An email to ColaDaily.com reported employees were told of the hack, Friday morning.
Wilson issued a media statement and information on the steps to take if you suspect your personal information has been exposed. The statement and the information filer are included below.
Lexington Medical Center has learned that there has been unauthorized access into our employee information database, known as eConnect/Peoplesoft. Because the privacy of our employees’ information is very important to us, we wanted to let them know about this situation as soon as possible.
This database contains personally identifiable information on current and former employees including names, Social Security numbers and W-2 forms. Importantly, the database does not contain any patient information.
When Lexington Medical Center discovered this situation, we immediately eliminated further unauthorized access, promptly began an investigation and engaged several national cybersecurity professionals to assist us. We also contacted federal and state law enforcement officials.
Lexington Medical Center is committed to safeguarding our employees’ information and has dedicated resources to helping them resolve any issues related to this situation.
In addition to offering current and former employees free credit monitoring and identity theft protection services, Lexington Medical Center is establishing a dedicated, confidential call center for identify theft professionals to help answer any questions or concerns. The hospital has also provided information to employees on how they can help protect their identities and prevent fraudulent tax returns from being filed in their names.
Steps to take:
WHAT YOU CAN DO TO REDUCE YOUR RISK
The personal information most likely to be at risk in the recent security breach at Lexington Medical Center is the type of information that may be used to file fraudulent state and federal tax returns.
If you have not yet filed your tax returns, or your attempt to file a tax return was rejected, or you received a tax notice from a government agency, you should:
1. File an Identity Theft Affidavit (Form 14039) with the IRS. The form can be downloaded at: http://files1.lexmednetwork.org/wp-content/uploads/2017/02/f14039.pdfInstructions for Form 14039 – In Section A, check box 1. In Section B, check box 2. Insert this in the “Please provide an explanation” box: My company informed me that a third party may have unlawfully obtained an electronic file [W-2] containing certain employee personal information through a hacking scheme.
Mail or fax this form to the IRS: Internal Revenue Service, Fresno, CA 93888-0025; (855) 807-5720.
2. Call the IRS at (800) 908-4490, ext. 245, to report the situation. The unit office is open Monday through Friday from 7:00 a.m. to 7:00 p.m.
3. Contact your tax preparer, if you have one; and/or
4. If you notice suspicious activity related to your tax returns or suspect you have been a victim of identity theft, call or visit your local law enforcement agency and file a police report. Please bring this notice with you. Lexington Medical Center is filing a police report regarding the incident.
ADDITIONAL STEPS TO PROTECT YOUR PERSONAL INFORMATION AND CREDIT
Other precautionary measures you should consider to help protect your personal information include placing a fraud alert and/or security freeze on your credit files.
Placing a Fraud Alert on Your Credit Files You can place an initial 90-day fraud alert on your credit files at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others. Alternatively, you may file the fraud alert online. Here is a link to the Equifax fraud alert home page:https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp.
Placing a Security Freeze on Your Credit FilesIf you are very concerned about becoming a victim of fraud or identity theft, you may request a security freeze be placed on your credit file. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. To find out more on how to place a security freeze, you can use the following contact information:
Experian P.O. BOX 2002Allen, TX 75013www.experian.com1-888-397-3742
TransUnion P.O. BOX 2000Chester, PA 19016 www.transunion.com1-800-680-7289
Equifax P.O. BOX 105069Atlanta, GA 30348www.equifax.com1-800-525-6285
Experian Security Freeze P.O. BOX 9554Allen, TX 75013http://experian.com/freeze1-888-397-3742
TransUnion Security Freeze P.O. BOX 2000Chester, PA 19016 http://www.transunion.com/securityfreeze1-888-909-8872
Equifax Security Freeze P.O. Box 105788Atlanta, GA 30348https://www.freeze.equifax.com1-800-685-1111
rotecting Yourself from Identity Theft