US based healthcare provider Atlantic Health System has come under fire for tricking employees into believing that they are getting a pay raise.
Up to 5,000 employees at the company received an email informing them they are getting a raise.
In order to get their next paycheck, the employees were told in the email to click on a link and provide their personal data – including employee ID number, date of birth, and home zip code.
The email was eventually found to be a computer security test run by the hospital system on its own employees.
Roughly one quarter of the employees of Atlantic Health System clicked onto the email, and two-thirds of those who opened the email went on to provide the information required for the raise.
Employees were reportedly unhappy about the move and some tipped off NJ Advance Media about the case through anonymous email, in hope of bringing media attention to the situation.
One anonymous employee described it as the company lying to employees about a pay increase in order to conduct its test, and said employees were “angered” by the deception.
In response to media enquiry on the case, a spokesman for the company has allegedly apologised for dangling the prospect of a raise in front of employees but insist the company is doing nothing wrong in conducting the cyber security tests.
“We do acknowledge that the email was upsetting to people, and we do apologise for that,” said Robert Seman, a spokesman for Atlantic Health.
“Our intention was not to antagonise, but to test our strength if we were attacked by criminals.”
He also admitted using a raise as bait was unnecessary and the hospital will avoid that tactic in the future.
The trick email was sent to 5,000 randomly selected employees, or about a third of the company’s 15,000 employees.
Nearly 10% of the employees reported the email as suspicious, and many employees warned their co-workers against clicking on the link or providing any personal information.
Seman said the email was sent from a URL that was a variation of the corporate one, it ended with “.com,” which should’ve been a tip-off to alert employees since the company’s website ends in “.org.”
Although the hospital upset employees, the issue with cyber security is not to be taken lightly, since a fair amount of cyber security breach are inside jobs.
The security test the hospital ran was trying to protect themselves from “ransomware” attacks which now accounts for 93 percent of cyber security attacks, according to the security website PhishMe.com.
Ransomware attacks, have, in fact, made news headlines recently.
In a high profile attack which took place in February, the computer system of a US medical centre was put offline for more than a week following a ransomware attack. Hackers demanded US$3.4m to provide the codes to unlock the stolen data.
In Hong Kong, ransomware attacks in the city mostly target SMEs and NGOs because they are regarded as easy targets due to their paucity of cyber security measures.
Human Resources has reached out to the Atlantic Health System for a comment, and will update this story once received.