DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Phishing attack hits another healthcare system

Posted on April 30, 2015 by Dissent

Partners Healthcare System has become the latest healthcare system to disclose that patient data was compromised by employees falling for phishing attacks:

Partners HealthCare System, Inc. and its affiliated institutions and hospitals, including Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital,North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital (“Partners HealthCare”), are committed to protecting the security and confidentiality of our patients’ information.  Regrettably, this notice concerns an incident involving some of that information.

On November 25, 2014, we learned that a group of Partners HealthCare workforce members had received “phishing” emails and had provided information in response to these emails believing that they were legitimate.  Responding to the “phishing” emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network.  When we learned of this, we took steps to secure the email accounts and contacted law enforcement.  We also began an investigation into the phishing attack on our organization, including working with an expert computer forensic firm.

Partners conducted a comprehensive review of the affected email accounts and determined that some of the emails contained patient demographic information, such as names, addresses, dates of birth, telephone numbers, and, in some instances, Social Security numbers, and some of our patients’ clinical information, such as diagnosis, treatment received, medical record numbers, medical diagnosis codes, or health insurance information.

Importantly, our electronic medical records system was not compromised.  Only certain discrete information contained in the compromised email accounts was potentially affected.

To date, we have no evidence that any patient information in the emails has been misused.  However, as a precaution, we began mailing letters to affected patients on April 30, 2015, and have established a dedicated call center to answer any questions patients may have.  If you believe you have been affected but do not receive a letter by May 21, 2015, please call 1-877-237-9502, Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time (Closed on U.S. observed holidays).  Please be prepared to provide the following ten digit reference number when calling:  3844042415.

We also recommend that affected patients regularly review the explanation of benefits (“EOB”) statements they receive from their health insurer.  If you identify services on your EOB that were not received, please immediately contact your insurer.

We deeply regret any inconvenience this may have caused you.  To help prevent something like this from happening in the future, we have re-enforced workforce member education regarding “phishing” emails and are enhancing our existing technical safeguards to protect patient information.

Lindsay Kalter of the Boston Herald reports that 3,300 patients may have been impacted.

Partners Healthcare is the second system to disclose such problems this month. DataBreaches.net recently reported that at least five member hospitals of Ascension Healthcare were also hit by successful phishing attacks that were discovered during the first week of December. Ascension, who has yet to issue any statement or disclosure and seems to be letting the affected hospitals individually disclose,  was unwilling to disclose how many other hospitals or affiliates in their system may also have been hit. So far, over 83,000 patients have reportedly been impacted by the five hospitals we know about.

No related posts.

Category: Health DataMalwareOf NoteU.S.

Post navigation

← Technical College of the Lowcountry notifies students whose SSN were exposed online by third party
Confidential information exposed over 300 times in ICANN security snafu →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.