Baystate Health hit with class-action suit after phishing attack exposed 12,000 patients

Weeks after Springfield, Mass.-based Baystate Health reported a phishing attack that exposed the personal health information of 12,000 patients the hospital has been slapped with a class-action lawsuit, according to

The lawsuit was filed April 11 in the U.S. District Court in Springfield, Mass.

In the complaint, one patient claims she is now at a higher risk for identity theft and other cybercrime due to the breach, reports.  

Baystate Health alerted patients on April 8 of a February phishing attack. In the notice to patients, the hospital said it had learned an unauthorized third-party gained access to an employee’s email account through a phishing attack.

Upon further investigation, Baystate Health discovered nine employee email accounts had been compromised from the cyberattack. Patients’ names, dates of birth and health information were affected by the phishing attack. A limited number of Social Security numbers, Medicare numbers and some health insurance information may have been affected.

Since the phishing attack, Baystate Health has offered patients credit monitoring and identity protection services for those whose Social Security numbers were affected.

More articles on cybersecurity:
Washington State University settles $5.26M data breach class-action suit
HHS continues to deploy strong cybersecurity solutions, report finds
Rehab center data breach exposes millions of patient records

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Top 40 Articles from the Past 6 Months