June 20, 2023

VUMC cybersecurity team issues warning against Workday third party credential sharing

Vanderbilt University Medical Center’s (VUMC) Enterprise Cybersecurity (VEC) team is issuing a warning to all VUMC users who may have shared their Workday login credentials with third party online services.

Recently, VEC has become aware of VUMC employees who applied for short-term or long-term loans were given the option to verify employment and income by logging into their Workday accounts. One site in particular, AccountChek, provided this option to users. You should never enter your Workday login credentials into a third-party site.

The risks associated with sharing your Workday credentials with third parties are:

  1. Exposing your VUMC username and password to an unknown third-party.
  2. No verification on what that third-party does and/or shares about your login session.
  3. The potential to expose access to VUMC systems.

Due to the risks presented by this, VEC will expire all passwords associated with accounts who signed into one of these third-party verification services.

VUMC provides an online verification service to all current and former employees through CCC Verify. Assistance with the website can be obtained by calling Customer Service toll-free at (855)-901-3099, Monday through Friday; 7 a.m.– 7 p.m., but no verifications may be obtained via fax or email without going through CCC Verify first. Additionally, VUMC employees can use the email address, verification@vum.org, for employment verification. Please visit Employment Verification – CCC Verify for more information.

If you suspect that you have shared your Workday credentials with a third-party service, call the VUMC IT Help Desk at 615-343-HELP (3-4357) and ask for assistance with resetting your password.