Phishing attack puts 12,000 Baystate Health patients' health information at risk

Springfield, Mass.-based Baystate Health notified about 12,000 patients of a Feb. 7 phishing attack, according to online newspaper MassLive.

The hospital learned of an unauthorized third-party gaining access to an employee's email account through a phishing attack. Baystate Health promptly began investigating the incident, during which it discovered nine employee email accounts were compromised.

Patients' names, dates of birth and health information, such as diagnoses, treatment information and medication, were affected by the cyberattack. A limited number of Social Security numbers, Medicare numbers and some health insurance information may have also been affected.

Baystate Health has contacted all patients who were affected via direct mail. The hospital's EHR system was not affected by the phishing attack.

"The integrity of our information systems and email security is a high priority, and we are committed to maintaining and security patient information at all times," Joel Vengco, senior vice president and CIO at Baystate Health, said in a statement to MassLive.

More articles on cybersecurity:
University Hospitals' employee accidentally exposes over 800 patients' health information
Department of Homeland Security reissues cyber warning on medical devices
Malware attacks from within hospital, exposes need to encrypt medical imaging

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers