Sunday, January 19, 2025, 6:44AM |  30°
MENU
Advertisement

UPMC data breach could be part of a national scheme

UPMC data breach could be part of a national scheme

Health care providers across the nation have been targeted by cybercriminals

The data breach that has compromised the personal information of thousands of UPMC employees and the tax returns of hundreds more could be part of a national scheme.

UPMC confirmed Thursday that a data breach thought to only affect a few dozen employees when announced in February has actually revealed the personal information of approximately 27,000 employees.

Among those employees, 788 have experienced some form of tax fraud and several others have had bank accounts wiped clean, according to Michael Kraemer, a Pittsburgh attorney who has filed a suit seeking class-action litigation against UPMC. The health care organization and its subsidiaries employ approximately 62,000 people.

Advertisement

Questions surrounding how the breach occurred and how long UPMC knew about it before alerting employees have yet to be answered, said Mr. Kraemer.

However, if UPMC were caught up in a scheme that has resulted in the filing of more than $1 million in fraudulent tax returns this year, the company may not have understood the full scale of the data breach until it was too late.

Brian Krebs, a former Washington Post cybersecurity reporter who operates the investigative blog KrebsonSecurity.com, said at least half a dozen health care providers across the nation have been targeted by cybercriminals hacking into third party vendors to access human resources or payroll records.

According to Mr. Krebs, individuals within the payroll or human resources department likely had their computers compromised by malware designed to steal their login and password credentials. Once cybercriminals had the credentials, they would access employees' W2 records through cloud-based third-party vendors that store payroll and personnel information. The criminals then use that information to file the false returns with online tax software.

Advertisement

Mr. Krebs uncovered the scam in March when he came across a Web-based control panel used by criminal gangs to track individuals whose data had been used to file false returns. So far, more than six health care companies have been affected. He did not directly investigate the UPMC incident and could not say for sure if it was affected by that particular breach.

The full report on the breach can be found at: krebsonsecurity.com/2014/04/crimeware-helps-file-fraudulent-tax-returns.

UPMC spokeswoman Gloria Kreps didn't immediately answer questions surrounding whether the organization was affected by the breach Mr. Krebs uncovered.

Once an organization discovers a common denominator is a third-party vendor, there's no quick way to find out every Social Security number that has been compromised.

"It's not like they can just call the IRS and ask them. If they're working with a third-party vendor, they need to work with them to find out which records were accessed and which employees are at risk," Mr. Krebs said.

Regardless of how far UPMC believed the investigation reached, Mr. Kraemer said erring on the side of caution could have saved employees thousands of dollars and weeks of grief. "The minute they confirmed there was a data breach, they should have mitigated the situation. A lot of people could have avoided problems if they knew to contact the IRS in advance to tell them to stop payment on the refund check," he said.

UPMC is encouraging all of its employees to notify their banks and check with the IRS to ensure they have not had fraudulent returns filed in their name. The company also is providing LifeLock identity protection free of charge to employees who enroll in the program by April 28.

To report suspected tax fraud to the IRS, call the Tax Fraud Hotline at 1-800-829-0433 or visit www.irs.gov/Individuals/How-Do-You-Report-Suspected-Tax-Fraud-Activity%3F.

First Published: April 19, 2014, 3:18 a.m.

RELATED
SHOW COMMENTS (0)  
Join the Conversation
Commenting policy | How to Report Abuse
If you would like your comment to be considered for a published letter to the editor, please send it to letters@post-gazette.com. Letters must be under 250 words and may be edited for length and clarity.
Partners
Advertisement
Russell Wilson #3 and Justin Fields #2 of the Pittsburgh Steelers warm up prior to the game against the New York Giants at Acrisure Stadium on October 28, 2024 in Pittsburgh, Pennsylvania.
1
sports
Gerry Dulac: The Steelers are looking for direction and purpose. How will the roster look in 2025?
Fans of all ages attend PiratesFest to kick off the 2025 season on Saturday, Jan. 18, 2025 at the David L. Lawrence Convention Center Downtown.
2
sports
‘Where is Bob?’: Fans express frustration with ownership, lack of success during PiratesFest
Josh Willy, Penn Hills High teacher of 23 years, died in a single-vehicle crash on Friday, Jan. 17, 2025.
3
news
Penn Hills High mourns loss of longtime teacher in vehicle crash
Ice forms on the Allegheny River in Downtown on Tuesday, Jan.14, 2025. Pittsburgh is forecast to see extreme cold weather next week, with wind chills of 20 degrees below zero possible.
4
news
Pittsburgh is under an extreme cold watch. Here's what that means and how to prepare.
Penguins goaltender Joel Blomqvist stops the puck during the first period of a game against the Capitals on Saturday, Jan. 18, 2025, in Washington, D.C.
5
sports
Joel Blomqvist plays well in his NHL return, other takeaways from the Penguins’ loss to the Capitals
Advertisement
LATEST business
Advertisement
TOP
Email a Story