Pennsylvania Hospital Succumbs to Phishing, Exposing Employees’ Financial Data

Summit Health learned scam emails were sent to certain hospital personnel and that they responded, believing the messages to be legitimate, according to the company’s lawyers.

On March 18, the attorneys notified the Maryland Attorney General’s Office that as a result of the successful phishing, data in an employee “self-service system” -- used to access payroll and benefits information” -- may have been compromised by hackers.

The tool holds employee W-2 tax information, including income and Social Security numbers. Dependents’ information might also have been exposed.