Fremont Health and the Lower Platte North NRD are among area entities affected by a possible compromise of employee information.
The information involves data used in processing W-2 statements.
John Miyoshi, general manager of the LPNNRD, said the Internal Revenue Service informed its employees that another person was trying to file an income tax return using information from their W2s.
Both the hospital and NRD use a third party payroll company.
Bill Vobejda, vice president-administration for Fremont Health, indicated to the Fremont Tribune that initially a small number of employees had notified the hospital of problems.
Upon learning of the incident involving employee information, Fremont Health immediately began an investigation.
“We do not know how many employees are ultimately impacted. The results of the investigation will show that,” Vobejda said.
Fremont Health’s website states that it has approximately 800 employees.
No patient information was exposed or at risk in any way, the hospital stated in a prepared release.
Vobejda also indicated that the breach didn’t occur within the hospital system.
People are also reading…
“We know that it’s not anything internal within our system,” he said. “We’ve done that investigation.”
Miyoshi said 16 of 18 employees who work at the government entity have had information compromised. The two who didn’t have problems were hired in the past six months.
“We don’t know of any cases where the perpetrators were successful in getting the income taxes filed,” Miyoshi said. “It sounds like the controls that the IRS has in place caught all those and our employees received letters informing them of the problem and making sure that the employee had not filed the taxes. We don’t believe there was any loss, because of that.”
Miyoshi and media reports have indicated that Greenshades is a third-party payroll company used by the NRD and other businesses.
Matt Kane, one of Greenshades’ CEOs, said the company has a third-party forensics cyber investigator who has been looking at the issue from the firm’s standpoint.
In early findings, the forensics cyber investigator “has not observed any evidence of access to our system without valid credentials and for the attack vectors observed to date the method of the attack does not appear to be an exploit of a network vulnerability of Greenshades,” Kane said.
Citing the ongoing investigation, Fremont Health said it has no comment about its vendors.
Miyoshi said employees can file a fraud report with law enforcement and a fraud alert with a major credit reporting service. The latter is good for 90 days, but if people have filed a report with police they can get that extended to seven years.
He said that although the LPNNRD’s board doesn’t meet until April 11, the executive committee will recommend that the district pay for individual fraud insurance for one year for employees.
There also is concern about the 19 people on the board of directors who receive a per diem payment for each meeting. At this time, only one director has noted a problem involving a W2.
“We’ve not spoken with all the directors, but we do know at least one had the same problem,” he said.
Miyoshi also noted that the problem was not internal.
“Our IT (information technology) people looked at our server very hard for the last year and cannot find any hacking attempts that were successful on our servers,” he said.
As the investigation proceeds, FHMC also continues to stress the importance it places on protecting information.
The hospital’s statement indicates that: “The privacy and security of all information entrusted to Fremont Health is of utmost importance to Fremont Health, including employees’ personal information, and Fremont Health will continue to take significant measures to help protect that information.”
“Fremont Health is devoting considerable resources to ensure its employees are fully informed and protected as a result of this incident.”
The LPNNRD and Fremont Health aren’t the only ones affected.
Current and former Catholic Health Initiatives employees—including fewer than 100 from CHI Health in Nebraska—have been affected by a single incident that involved unauthorized access to their payroll information, said Michael Romano, national director of media relations for Catholic Health Initiatives in Englewood, Colorado.
CHI wouldn’t disclose its third-party payroll vendor.
But it said its incident involved information that included income tax forms, Social Security numbers and direct-deposit information.
Romano said fewer than 400 people total have been affected.
Nationwide, CHI has approximately 98,000 employees and consists of 103 hospitals and other health care facilities in 19 states.
Romano said the unauthorized access occurred between late February and early March 2016 through a public Internet site operated by a third-party vendor.
The vendor oversees an online portal for certain Catholic Health Initiatives national payroll and tax information.
Unauthorized access was halted upon its discovery on March 13.
Romano said CHI is committed to protecting the confidentiality of personal information and regrets the impact on those affected.
Due to the possibility of tax-return fraud and identity theft, all affected employees are being offered a two-year identity-protection service.