In August, several Baystate employees received an email claiming to be from the human resources department regarding salary changes. When five employees clicked on the email, they gave the sender access to their account and the patient database. The database included patients’ names, demographic information, dates of birth, health insurance ID numbers and the occasional patient diagnosis or treatment. Financial information, Social Security numbers, bank account numbers and medical charts were not exposed due to the phishing scam.
Baystate officials said they do not have any evidence to prove the exposed information has been taken or abused.
The health system started sending letters to affected patients last week. Baystate also set up a phone line for patients who do not receive a letter by Nov. 5 but believe their information has been compromised.
More articles on health IT:
Kansas Health Information Network, Health Information Exchange Texas partner through eHealth Exchange
Survey: Cryptographic issues, information leakage top list of 2016 healthcare security concerns
Instagram launches mental health feature
