Cambridge (Mass.) Health Alliance began notifying roughly 2,500 patients an unauthorized third party had some of their protected health information, according to a notice on the organization's website and reported by The Boston Globe.
The Everett, Mass., Police Department informed CHA Jan. 31 patient information was compromised when some electronic CHA files were found in the possession of an unauthorized third party. At least one of those files contained the health billing information of certain patients seen at CHA in 2013. That information included patients' full names, addresses, phone numbers, dates of birth, Social Security numbers, charges for past healthcare services and discharge dates. However, no medical records were included.
David Cecere, a CHA spokesperson, told The Boston Globe officials do not know whether the breach resulted from an internal hack or if the data was inadvertently made public.
CHA mailed letters to affected individuals March 28, but officials do not believe any of the information has been subject to credit card fraud. CHA is also offering one year of free credit monitoring and identity protection services to affected individuals.
"We deeply regret any inconvenience or concern this incident may cause our patients. We know that our patients' personal information is important to them as it is to us. We continue to monitor the security of patients' health information to help prevent this from happening in the future," a notice on CHA's website reads.
More articles on cybersecurity:
CNBC: What we suspect about Amazon's move into healthcare
UnitedHealth CEO: Tech will drive value-based care in 10 years
Boeing hit with WannaCry, but says damage is limited: 5 things to know