DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Phishing attack hits another healthcare system

Posted on April 30, 2015 by Dissent

Partners Healthcare System has become the latest healthcare system to disclose that patient data was compromised by employees falling for phishing attacks:

Partners HealthCare System, Inc. and its affiliated institutions and hospitals, including Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital,North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital (“Partners HealthCare”), are committed to protecting the security and confidentiality of our patients’ information.  Regrettably, this notice concerns an incident involving some of that information.

On November 25, 2014, we learned that a group of Partners HealthCare workforce members had received “phishing” emails and had provided information in response to these emails believing that they were legitimate.  Responding to the “phishing” emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network.  When we learned of this, we took steps to secure the email accounts and contacted law enforcement.  We also began an investigation into the phishing attack on our organization, including working with an expert computer forensic firm.

Partners conducted a comprehensive review of the affected email accounts and determined that some of the emails contained patient demographic information, such as names, addresses, dates of birth, telephone numbers, and, in some instances, Social Security numbers, and some of our patients’ clinical information, such as diagnosis, treatment received, medical record numbers, medical diagnosis codes, or health insurance information.

Importantly, our electronic medical records system was not compromised.  Only certain discrete information contained in the compromised email accounts was potentially affected.

To date, we have no evidence that any patient information in the emails has been misused.  However, as a precaution, we began mailing letters to affected patients on April 30, 2015, and have established a dedicated call center to answer any questions patients may have.  If you believe you have been affected but do not receive a letter by May 21, 2015, please call 1-877-237-9502, Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time (Closed on U.S. observed holidays).  Please be prepared to provide the following ten digit reference number when calling:  3844042415.

We also recommend that affected patients regularly review the explanation of benefits (“EOB”) statements they receive from their health insurer.  If you identify services on your EOB that were not received, please immediately contact your insurer.

We deeply regret any inconvenience this may have caused you.  To help prevent something like this from happening in the future, we have re-enforced workforce member education regarding “phishing” emails and are enhancing our existing technical safeguards to protect patient information.

Lindsay Kalter of the Boston Herald reports that 3,300 patients may have been impacted.

Partners Healthcare is the second system to disclose such problems this month. DataBreaches.net recently reported that at least five member hospitals of Ascension Healthcare were also hit by successful phishing attacks that were discovered during the first week of December. Ascension, who has yet to issue any statement or disclosure and seems to be letting the affected hospitals individually disclose,  was unwilling to disclose how many other hospitals or affiliates in their system may also have been hit. So far, over 83,000 patients have reportedly been impacted by the five hospitals we know about.

Category: Health DataMalwareOf NoteU.S.

Post navigation

← Technical College of the Lowcountry notifies students whose SSN were exposed online by third party
Confidential information exposed over 300 times in ICANN security snafu →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.