9y
The incident that the employee refers to in this post is a troubling one for many companies in the United States, indeed throughout the world, right now. Hundreds of companies, in many different sectors, have been targeted and attacked by what is known as the “W-2 Spear Phishing Scam.” It is such a prevalent problem right now that the IRS has published press releases on how to deal with it, and formed a special task force within their criminal investigation division to address it. In the past few months companies both large and small have been victims of this particular cybercrime.
While it is practically impossible to thwart every attempted phishing scam, it is how the company ultimately responds that determines the strength of its processes and the company itself. Within less than 24 hours of the scam hitting Medfusion, the crime was reported to the relevant authorities, including the IRS, FBI, NC Office of Attorney General, and local police. We communicated the incident to all affected employees past and present, advising that some of their personal sensitive data may have been compromised. We also provided them with detailed information on how to protect their identity against possible after-effects, and offered top-tier identity theft protection at no charge for one year. And we continue to proactively educate employees about their continuing obligations with respect to the importance of security and compliance in the workplace.
It is critical to note that this is a phishing scam, not a security breach. Neither our servers nor security systems were impacted, and no customer records were involved.
We appreciate the support and understanding of our current and past employees as we all work through this incident. Being the victim of a W-2 spear phishing scam does not define Medfusion. Rather, the way that we have responded to this incident—rapidly, proactively and in accordance with our legal and ethical obligations—demonstrates the commitment we have to our employees, customers, and users, and that defines Medfusion.