Employee Data Breach in UPMC More Extensive than Predicted

by | Published on Sep 12, 2014 | Outsourcing Services

Data BreachData breach is a serious issue affecting many businesses. Despite the security measures taken, data breach or identity theft happens, even for the personal data of employees. Data breaches not only cost a company’s time and money, but also affect its public trust and confidence. Anyhow, companies should set up adequate strategies to respond to and manage data breaches properly.

An identity theft reported at UPMC (University of Pittsburgh Medical Center), has affected more than 27000 of its employees, a recent report says. According to the recent report, at least 788 workers may have fallen victim to tax fraud, which is much more than the March estimate that 322 employees may have been affected. Data breaches expose important information such as names, home addresses, social security numbers, wage information, birth dates, bank accounts, and routing numbers. Fraudsters can use this information for fraudulent income tax returns or file a phony tax return in the victim’s name to claim a refund.

A similar case happened with Detroit employees, when personal identifying information of about 1,700 city employees was stolen. According to the report, the incident occurred when a city employee apparently clicked on a malicious software link in an email. It released a code that froze access to some files containing information such as the names, birth dates and social security numbers of present and former employees. Fortunately, it didn’t seem that the malicious code gained access to the information in the files.

Data breaches can happen accidentally or intentionally. Some of the major reasons why data breaches occur are:

  • Loss or theft of data or equipment on which data is stored
  • Inappropriate access controls allowing unauthorized use
  • Human error
  • Hacking attack
  • Equipment failure
  • ‘Blagging’ offences where information is obtained by deceiving the organization that holds it

How Data Breaches Can Be Avoided

Certain policies and procedures should be established to ensure the protection of personal data. As the first step, the proposed team should identify and list all type of personal data held (in various departments) within the organization. Risks associated with the storage, handling and protection of this data should be evaluated and security measures taken accordingly. However, data breaches can be avoided to a certain extent by following some measures.

  • Allow only authorized staff members to access personal data
  • Avoid access to systems (containing such data) that are not in active use
  • Provide password protection to files
  • Educate staff members in security and fraud awareness
  • Constantly monitor and review the existing system to ensure compliance with the security policy

Measures Taken by UPMC to Address Data Breach

UPMC has adopted some measures to address the issue of data breach.

  • Published information for the employees on the company’s internal website
  • Affected workers have been encouraged to enroll in an identity-theft protection service free of charge
  • Advised the workers to alert the IRS and contact a credit bureau
  • Hired a tax firm to help employees complete an IRS identity theft form
  • Established a payroll system
  • Will provide credit monitoring services to affected employees
  • Will provide financial assistance, if required
  • Offered to reimburse employees up to $400 to use their own accountants

An efficient document management system can reduce the risk of data breaches and protect sensitive employee information in an organization.

Recent Posts

What is the Future of RPA (Robotic Process Automation)?

What is the Future of RPA (Robotic Process Automation)?

Robotic Process Automation (RPA) has come a long way from just being a fancy gimmick to woo users, into a trainable and effective tool to handle mundane and repetitive tasks performed by humans. RPA has now evolved to be an indispensable tool of broader automation...

RPA and Outsourcing: A Winning Combination

RPA and Outsourcing: A Winning Combination

Customer expectations have gone through the roof with the advancements in technology over the past decade. Instant gratification is a norm with customers nowadays and that puts a burden on businesses to meet their ever-growing demands, without significantly putting a...

Data Mining: The Foundation of Strategic Business Decision-making

Data Mining: The Foundation of Strategic Business Decision-making

The emergence of global organizations such as MNCs in the world market generates data at an accelerating pace, enabling unique opportunities for business growth. In information analytics and business intelligence, data mining is a robust, versatile technique for...

Share This