Second health system in Tacoma hit with data breach, this one ensnaring employees

Debbie Cockrell
Damian Dovarganes/AP file, 2013

While CommonSpirit Health’s ransomware attack has been dominating local news cycles, another local health care provider recently revealed its own security breach — this one affecting employees.

In an announcement posted on its website Oct. 12, Tacoma-based MultiCare Health System revealed that it was part of a security incident that targeted Kaye-Smith, a third-party entity that prints W-2 and 1099 forms for the health system.

“In early June 2022, Kaye-Smith confirmed that they were subject to a ransomware attack involving several of their customers including MultiCare,” the release said. “The names, addresses and Social Security numbers for a number of current and former MultiCare employees were included in the data acquired without authorization.”

It added that “MultiCare was officially informed that the breach included its employees’ information on Sept. 30, 2022.”

According to the health system, Kaye-Smith re-secured the data “and instituted a monitoring program to search for any exposure of the data … .”

It added that there was no evidence so far “that any of the data was or will be made available to the public.”

This week, letters were being sent to affected workers and former employees.

“Impacted employees will be offered two years of free credit monitoring and protection through Equifax Credit Watch Gold,” the health system said.

MultiCare was not alone in Kaye-Smith’s data breach.

Becker’s Hospital Review reported this week that patients and employees with five other health systems were listed in the same breach, including 3,800 individuals from Seattle-based UW Medicine and 6,750 individuals from Seattle Children’s, as well as 31,573 individuals from Boise-based St. Luke’s Health System.

Delta Dental also has been affected, and individual company announcements posted online show entities such as World Vision and Nations Lending Corp. also are part of the Kaye-Smith breach list.

Separately, CommonSpirit Health announced this week that its Virginia Mason Franciscan Health sites in the Puget Sound region were slowly coming back online and regaining access to their online medical network and records after a multi-week outage. The outage was the result of steps taken by CommonSpirit Health in a ransomware attack first announced as an IT security incident Oct. 3.

Advertisement