25% off all training courses Offer ends June 26, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends June 26, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

American Senior Communities Says 17,000 Employees Impacted by W-2 Scam

Posted By on Feb 21, 2017

American Senior Communities, a nursing home chain based in central Indiana, has announced that one of its employees responded to a W-2 phishing email and sent the tax information of more than 17,000 employees to tax fraudsters.

There have now been more than 70 organizations that have responded to W-2 Form phishing emails so far this year according to Databreaches.net, although the latest addition to the list is the largest confirmed breach of employee information to have occurred this year.

The massive haul of W-2 Form data included employees’ names, Social Security numbers, birth dates, and addresses. An investigation suggests that the individual behind the campaign was based offshore.

In many cases, organizations discover they have been scammed soon after the email has been sent, allowing rapid action to be taken to limit the harm caused. However, that was not the case here.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The phishing email was sent to a payment processor for American Senior Communities in mid-January; however, the incident was not discovered for a month.

The employee’s error was only identified on February 17 after some of the nursing home chain’s staff members had reported that they had attempted to file their tax returns for the previous fiscal year, only to have those claims rejected as a tax return had already been submitted in their name.

Once it became clear that the tax fraud was made possible because of the actions of an employee, the IRS was notified. The incident has also been reported to the Indiana Office of Attorney General, Law enforcement and the Indiana Department of Revenue. It is unclear how many of the 17,000 employees have already had tax returns filed in their name by fraudsters.

All employees affected by the incident have been offered free credit monitoring service to protect them against identity theft and further fraudulent use of their information.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist