The personal information of approximately 3,300 patients may have been compromised after a group of employees at Boston-based Partners HealthCare engaged with phishing emails.
According to a notice from the health system, some Partners employees received the phishing emails Nov. 25, 2014 and, believing the emails were legitimate, responded to them. By responding to the phishing emails, the hackers were able to access the employees' email accounts within the Partners network.
Potentially compromised information includes names, addresses, birth dates and telephone numbers. Some Social Security numbers and some clinical information and health insurance information may have also been compromised, according to Partners. However, the EMR system was not accessed.
Those affected include patients of Partners and affiliated hospitals Brigham and Women's Hospital, Brigham and Women's Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care and Newton-Wellesley Hospital, all in Boston except Newton-Wellesley Hospital in Newton, Mass.
Since learning of the attack, Partners secured the email accounts, contacted law enforcement and started an investigation into the phishing attack.
As of now, Partners has received no indication that any of the exposed patient information has been misused.
More articles on data breaches:
FBI advises Anthem not to speak publicly about breach
Many companies still vulnerable to Heartbleed malware
Phishing attack compromises 39,000 patients' records at Seton Family of Hospitals