Bryn Mawr, PA – In late afternoon on March 1, 2016, Main Line Health learned of a “spear phishing” incident that affected the personal information of all Main Line Health employees. Main Line Health immediately alerted federal authorities, including the IRS and FBI, regarding this incident and is cooperating with their investigation. No patient information was released or compromised.
On February 16, 2016, a “spear phishing" email was sent to an employee. The recipient believed it was a legitimate email and responded to the request, providing Main Line Health employees’ personal information. Main Line Health learned of this incident shortly after the IRS issued a national alert related to a recent surge of an emerging phishing email scheme by which criminals use fraudulent emails to attempt to get employee information.
“The safety and security of Main Line Health's employees is our priority, and we are establishing resources to provide our employees with as much support as possible during this time,” said Jack Lynch, President and CEO, Main Line Health. “We are currently conducting a review of internal policies and procedures to identify ways in which to enhance existing safeguards to help prevent incidents of this nature in the future. Identity theft and other forms of electronic fraud have become increasingly prevalent, and I want to urge our colleagues at other health care organizations as well as our regional business partners to take immediate action to educate their employees against phishing attempts,” said Lynch.
Main Line Health is setting up several resources to support employees, including a call center to answer employee questions and to provide information on how to monitor their financial accounts. In addition, Main Line Health is making credit monitoring services available to all employees.