Firm allegedly misleads staff about pay rise

Amid the resultant employee anger, the company has defended its actions as necessary.

Firm allegedly misleads staff about pay rise
US-based non-profit healthcare organisation, Atlantic Health System, has come under fire for an email which employees have claimed is deceiving.
The firm sent 5,000 randomly selected employees an email announcing a pay rise. Enclosed instructions told recipients to click a link and enter their employee ID number, date of birth and home post code, according to New Jersey based media outlet NJ Advance Media.
A message sent to the publication anonymously said that one quarter of the firm’s staff opened the email. Two-thirds of this group then provided the requested information.
However, the emails turned out to be a computer security test run by the hospital to probe how safe the company was from phishers. These are individuals who mimic reputable organisations in order to get personal information from their victims.
Some employees were unhappy about the test with one anonymous staff member telling NJ Advance Media that the company had lied to employees who were “angered” about the apparent deception.
While a spokesperson for the five-hospital system apologised for using the prospect of a pay rise, he refrained from apologising for the test itself.
“We do acknowledge that the email was upsetting to people, and we do apologise for that,” said Robert Seman. “Our intention was not to antagonise, but to test our strength if we were attacked by criminals.”
Hospitals have a “mother lode” of information for hackers, said Mac McMillan from CynergisTek, the firm which ran Atlantic Health System’s exercise. This includes birth dates, social security numbers and financial data of patients.
“We do those phishing exercises for a lot of hospitals across the country, and the fact is those hospitals that run test exercises have a much better chance of avoiding a future incident,” he said.
A phishing test is designed to create an emotional response strong enough to override the recipient’s caution, McMillan added.
“This one obviously struck a chord with the users,” he said. “Instead of stopping and thinking, ‘Is this the normal way I would be notified about getting a raise?’ employees thought, ‘Oh good, I’m going to get a raise’.”
Pay issues and benefits are often used in real phishing attacks, he continued, adding that the method was not over the line.
“We have to help our employees become more sensitised as to what the bad guys will do.”
More like this:

Full list of Living Wage employers revealed

Rainbow Tick for top law firm

What HR can learn from Brexit

Recent articles & video

'More people are leaving their jobs than at any point in history'

Can you measure HR's impact on employee experience?

Jack Dorsey steps down as Twitter CEO

What makes an HR hero? Award winners reveal secrets

Most Read Articles

'No jab, no job': Supreme Court rejects request to rule on policy directly

The Great Resignation: What are candidates looking for?

Supermarket distribution workers walk off the job over pay