A malicious attack on a Pittsburgh hospital has likely resulted in far more employees being affected than was originally reported, according to the Pittsburgh Post-Gazette.
Back in early May, we and many others reported on a malicious incursion into the University of Pittsburgh Medical Center’s internal database that reportedly resulted in the exposure of information for 27,000 employees. But the actual number is more than double that.
All UPMC Employees Impacted by Attack
According to the Post-Gazette, the reality is that all 62,000 workers at the hospital were potentially impacted by the breach. The information stolen included Social Security numbers, bank account information and addresses. UPMC reported that as a result of the breach, 817 people have been verified as being victims of tax fraud.
“In the interest of protecting our staff, we are now urging all of our employees to take the proper precautions to protect their personal information,” UPMC stated following the revelation that all employees were vulnerable.
The increase in reported victims likely won’t to much to improve UPMC’s reputation, since the news of the original breach is still so fresh. Since news of the attack first arose, the UPMC has already been hit with a class-action lawsuit filed by employees whose information was used to open fraudulent bank accounts.
For Benjamin Sweet, the lawyer representing these employees, the news that the attack likely extends to all UPMC employees is an unsettling indication that the full scope of the breach is not known.
“It’s hard to know what the next shoe to drop will be,” he said. “At a minimum, UPMC owes its employees and the public an immediate and full accounting of the facts. … Can it confirm whether the data breach is confined to UPMC employees or has any patient-level data been compromised?”
The scale of the UPMC incident highlights the need for enterprise security across industries. In today’s computing world, any organization is a potential victim.