PITTSBURGH – The personal information of 27,000 University of Pittsburgh Medical Center employees might have been put at risk by identity thieves who apparently used the information of 788 workers to file bogus federal tax returns, the hospital network said.
UPMC notes that no patient information was lost to the thieves, who are being investigated by the Internal Revenue Service and other federal agencies but have yet to be charged.
“This complex investigation is ongoing, and we have had outstanding interagency cooperation,” U.S. Attorney David Hickton, the lead federal prosecutor for Western Pennsylvania, said Friday.
When UPMC first confirmed the identity thefts in February, officials believed just 22 workers’ personal information was used to file bogus tax returns. The hospital network, which has 62,000 employees, later said more than 300 workers had been victimized.
UPMC’s latest announcement, Thursday, was no surprise to Michael Kraemer, an attorney who has filed a lawsuit seeking class-action status on behalf of workers who have had bogus bank accounts opened and tax returns filed in their name.
“That’s what we’ve been saying all along,” Kraemer said about the thousands of employees potentially affected.
The IRS said 1.2 million taxpayers were the victims of similar fraud in the 2012 fiscal year. The agency intercepted about 5 million bogus returns for the 2012 tax year. People who file the bogus returns generally are trying to receive tax refunds to which they’re not entitled.
UPMC set up a hotline for employees who believe they are victims, and has hired tax experts to help workers file identity theft affidavits with the IRS. The hospital network also has been reimbursing employees who spent money to do those types of things on their own.
“We are putting our full resources behind efforts to investigate and secure our systems,” UPMC’s vice president John Houston wrote in a letter to employees. The letter urges workers to contact their banks and the IRS to determine whether fraudulent returns have been filed using their personal information.