MultiCare employees at risk of identity theft after third-party data breach

Health systems across the nation and in Washington state have become recent targets of cyber hacking.

In an announcement to its website, MultiCare said a number of past and present employees had their names, addresses and social security numbers stolen in a data breach.

MultiCare said a third party company that prints its W2 and 1099 forms was hacked. The company, Kaye-Smith, said the ransomware attack happened in June 2022. The data breach involved several of its customers, including Tacoma-based MultiCare.

The health system said it was officially notified of the breach and the compromised employee information on September 30.  

MultiCare said the third-party company has "seen no evidence, and has no reason to believe, that any of the data was or will be made available to the public."

MultiCare said Kaye-Smith took immediate steps throughout the summer to re-secure the affected data and "instituted a monitoring program to search for any exposure of the data involved in this incident."

In a statement, MultiCare wrote: "MultiCare takes our responsibility to protect the sensitive information entrusted to our organization very seriously. We will remain ever-vigilant to ensure the ongoing security of our patients and our employee data."

The breach comes as Virginia Mason Franciscan Health, serving most of Kitsap County, continues to restore critical IT service to its patients. Its parent company, Common Spirit Health, experienced a ransomware attack earlier in October. Common Spirit Health is the second-largest nonprofit hospital chain in the country.

RELATED: Deputies: Body found on SR 509 near south Seattle ID'd as 16-year-old girl

Get breaking news alerts in the FREE FOX 13 Seattle app. Download for Apple iOS or Android. And sign up for BREAKING NEWS emails delivered straight to your inbox.

A ransomware attack locks users out of systems unless the victim company pays money.

As for MultiCare, during the week of October 17, Kaye-Smith is sending letters to all the employees affected by the breach. The company is also offering them two years of free credit monitoring.