Springfield, Mass.-based Baystate Health notified about 12,000 patients of a Feb. 7 phishing attack, according to online newspaper MassLive.
The hospital learned of an unauthorized third-party gaining access to an employee's email account through a phishing attack. Baystate Health promptly began investigating the incident, during which it discovered nine employee email accounts were compromised.
Patients' names, dates of birth and health information, such as diagnoses, treatment information and medication, were affected by the cyberattack. A limited number of Social Security numbers, Medicare numbers and some health insurance information may have also been affected.
Baystate Health has contacted all patients who were affected via direct mail. The hospital's EHR system was not affected by the phishing attack.
"The integrity of our information systems and email security is a high priority, and we are committed to maintaining and security patient information at all times," Joel Vengco, senior vice president and CIO at Baystate Health, said in a statement to MassLive.