DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Compromised email account exposed patient info from Brigham and Women’s and Brigham and Women’s Faulkner Hospitals

Posted on January 19, 2016 by Dissent

Brigham and Women’s and Brigham and Women’s Faulkner Hospitals, who reported a phishing incident in April 2015, are reporting another incident involving the compromise of an employee’s email account. How the login credentials were compromised is not reported.

In a statement posted to their website, they provide other details:

On November 13, 2015, Brigham learned that an unauthorized party obtained the network credentials of one of our employees and used those credentials to access that employee’s email account. Upon learning this, Brigham took steps to secure the account and immediately began an investigation. Brigham also worked with an expert computer forensic firm to assist with its investigation. Through comprehensive review of the affected email account, we determined that the emails potentially contained information for a limited number of individuals including full name, date of birth, medical record number, provider name, date of service, and some clinical information, such as diagnosis and treatment received. The emails did not contain health insurance numbers or other financial or account information.

This incident did not affect all of Brigham’s patients and did not affect the patient electronic medical records system. Only discrete information contained in the single compromised email account was potentially affected.

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. If you believe you are affected, but do not receive a letter by January 26, 2015, please call 1-877- (877) 237-5190, Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time (closed on U.S. observed holidays). Please be prepared to provide the following ten digit reference number when calling: 9887010616.

The incident was reported to HHS on January 11, 2016 as affecting 1,009 patients.

No related posts.

Category: Health DataU.S.

Post navigation

← Delco contractor hijacks website, steals thousands for project he didn’t start – District Attorney
Employee Data More Exposed Than Customer Data: Study →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.