Tag Archives: Michigan

Phishing Scam Leaks Employee Information at NJ Facility

Saint Joseph’s Healthcare System in New Jersey recently announced that more than 5,000 employees at some of its facilities may be at the risk of identity theft following a phishing scam that potentially compromised their information.

Facilities in Paterson, Wayne and Cedar Grove locations were affected, according to St. Joseph’s Vice President of External Affairs Kenneth Morris Jr. Patient data and medical information were not affected, but employees’ names, social-security numbers and employee earnings for 2015 and 2016 were potentially accessed. However, dates of birth, home addresses, and banking information were not affected.

Morris told The Record that there was no indication that the phishing scam was an internal crime, and that it was an “extremely sophisticated” scam. He added that the scam included a named company executive using an internal email.

“There was no intrusion or breach of our internal IT system,” he explained to the news source. “None of that data was compromised.”

Affected employees will be receiving free credit monitoring. Local and federal authorities have also been notified, as well as the system’s insurance carrier, according to Morris.

“Our primary focus is really protecting our employees and their credit health,” he said. “In addition, we’re putting the proper protocols in place so that this doesn’t happen again.”

Other recent potential data breaches included improperly disposed devices and mis-mailings. 

Potential data breach at Iowa pharmacy

A Des Moines, Iowa-based pharmacy is warning some customers of a potential data breach after an external hard drive was “inadvertently” disposed of on November 5, 2015.

The Medicap Pharmacy hard drive reportedly contained personal information that the organization believed to have been encrypted, according to The Des Moines Register. However, Medicap said it learned on December 3 that some of the data may not have been encrypted.

Customers who filled prescriptions at the Des Moines pharmacy between June 2014 and Nov. 3, 2015, may have had some information exposed. This data included names, addresses, dates of birth, telephone numbers, prescriber information, names of medications, costs, insurance information and Social Security numbers.

Medicap told the news source that there is no indication that the information was obtained, accessed, or misused. Even so, the pharmacy urged individuals who suspect they may have been the victim of identity theft to contact local law enforcement or the state attorney general’s office.

According to the OCR data breach reporting tool, the incident affected 2,300 individuals.

Michigan rheumatology facility mis-mailing affects 700 individuals

Borgess Rheumatology in Michigan recently reported that 700 patients may have been contacted by mistake through mailings, potentially exposing a limited amount of information to the wrong individuals.

Letters were reportedly mailed to patients on December 9, 2015, according to a WWMT report, and Borgess learned of the incident on December 10. While Social Security numbers were not included in the information mailed out, patient names and the fact that they visit Borgess were included.

Once Borgess found out what happened, it immediately began to contact patients.

“Borgess takes patient confidentiality very seriously and we deeply regret that this has occurred,” Borgess Corporate Responsibility Officer & HIPAA Privacy Officer Susan McDonald said in a statement. “We are doing everything we can to notify patients who were impacted by this mistake.”

Borgess added that it is taking “aggressive steps” to ensure this type of incident does not happen again. While it was not specified exactly how the mis-mailings took place, the organization said that it was also re-educating and training staff on necessary safeguards. Borgess policies and procedures will also be reviewed.  



Michigan Department of Treasury warns taxpayers about telephone phishing scam

Click to enlarge

Seal courtesy of State of Michigan

With the beginning of tax season, the Michigan Department of Treasury is warning taxpayers of fraudulent phone calls being made to taxpayers from a false phone number.

The number has the appearance of being from the Department of Treasury. The taxpayer is told that they have committed tax fraud and if they don’t pay an amount immediately they could be arrested.

The calls are part of a phishing scam to trick taxpayers into providing personal and financial information, which can be used to steal the taxpayers’ identity and swindle them out of money.

The Department of Treasury will not:

-Demand immediate payment without first mailing you a letter

-Require that you pay your taxes a certain way. For instance require that you pay over the phone with a prepaid debit card

-Threaten to call the police or other law enforcement agencies to arrest you for not paying

Use caution and never provide personal information unless you are positive that the situation is legitimate. For more information about fraud and tax scams or how to report suspicious calls, read this notice, and visit the IRS website for additional information about these types of scams.



Arkansas Attorney General joins comment letter to FTC about spam and phishing text messages

LITTLE ROCK, Ark. (Legal Newsline) – Arkansas Attorney General Leslie Rutledge announced she has joined other state attorneys general in a comment letter to the Federal Communications Commission asking it to maintain its current safeguards and filters for protecting consumers from spam and phishing text messages.

“As I continue to work with my colleagues to reduce annoying telemarketing calls to Arkansans, I want to make sure that wireless carriers do not lose their ability to protect consumers’ messaging,” Rutledge said. “Taking this ability away would make consumers increasingly vulnerable to dangerous spam and phishing schemes.”

Rutledge signed the comment letter, led by Idaho Attorney General Lawrence Wasden, along with attorneys general from Alabama, Colorado, Connecticut, Georgia, Indiana, Maine, Michigan, Montana, New Hampshire, New Mexico, North Dakota, Ohio, Oklahoma, South Dakota, Utah, West Virginia and Wyoming.

“Text messaging spam would be a major annoyance to consumers and would be a vehicle for various fraudulent activities,” the attorneys general said in the letter. “We believe, and our citizens desire, that this unique wireless service should be kept ‘spam free.’”