Weeks after Springfield, Mass.-based Baystate Health reported a phishing attack that exposed the personal health information of 12,000 patients the hospital has been slapped with a class-action lawsuit, according to Masslive.com.
The lawsuit was filed April 11 in the U.S. District Court in Springfield, Mass.
In the complaint, one patient claims she is now at a higher risk for identity theft and other cybercrime due to the breach, Masslive.com reports.
Baystate Health alerted patients on April 8 of a February phishing attack. In the notice to patients, the hospital said it had learned an unauthorized third-party gained access to an employee’s email account through a phishing attack.
Upon further investigation, Baystate Health discovered nine employee email accounts had been compromised from the cyberattack. Patients’ names, dates of birth and health information were affected by the phishing attack. A limited number of Social Security numbers, Medicare numbers and some health insurance information may have been affected.
Since the phishing attack, Baystate Health has offered patients credit monitoring and identity protection services for those whose Social Security numbers were affected.