DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Compromised email account exposed patient info from Brigham and Women’s and Brigham and Women’s Faulkner Hospitals

Posted on January 19, 2016 by Dissent

Brigham and Women’s and Brigham and Women’s Faulkner Hospitals, who reported a phishing incident in April 2015, are reporting another incident involving the compromise of an employee’s email account. How the login credentials were compromised is not reported.

In a statement posted to their website, they provide other details:

On November 13, 2015, Brigham learned that an unauthorized party obtained the network credentials of one of our employees and used those credentials to access that employee’s email account. Upon learning this, Brigham took steps to secure the account and immediately began an investigation. Brigham also worked with an expert computer forensic firm to assist with its investigation. Through comprehensive review of the affected email account, we determined that the emails potentially contained information for a limited number of individuals including full name, date of birth, medical record number, provider name, date of service, and some clinical information, such as diagnosis and treatment received. The emails did not contain health insurance numbers or other financial or account information.

This incident did not affect all of Brigham’s patients and did not affect the patient electronic medical records system. Only discrete information contained in the single compromised email account was potentially affected.

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. If you believe you are affected, but do not receive a letter by January 26, 2015, please call 1-877- (877) 237-5190, Monday through Friday, between 9:00 a.m. and 7:00 p.m. Eastern Time (closed on U.S. observed holidays). Please be prepared to provide the following ten digit reference number when calling: 9887010616.

The incident was reported to HHS on January 11, 2016 as affecting 1,009 patients.

Category: Health DataU.S.

Post navigation

← Delco contractor hijacks website, steals thousands for project he didn’t start – District Attorney
Employee Data More Exposed Than Customer Data: Study →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)
  • RCMP thumb drive with informant, witness data obtained by criminals: watchdog

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Meta AI app is a privacy disaster – TechCrunch
  • Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
  • Norwegian Data Protection Authority’s findings on tracking pixels: 6 cases
  • Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025
  • Rules Proposed Under New Jersey Data Privacy Act
  • Using facial recognition? Three recent articles of interest.
  • India publishes consent management rules under Digital Personal Data Protection Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.