The unauthorized party obtained the network credentials of a Brigham and Women’s employee on Nov. 13, 2015, and accessed the employee’s email account.
The emails in the affected account potentially contained full names, birth dates, medical record numbers, provider names, dates of services and some clinical information. The emails did not contain health insurance numbers or financial or account information.
The hospital says it currently has no evidence any patient information has been misused.
According to the HHS Office for Civil Rights’ breach notification portal, Brigham and Women’s Hospital reported the breach Jan. 11.
More articles on data breaches:
21k customer records hit by Blue Shield of California security breach
St. Mary’s Medical Center faces PHI breach lawsuit
Oregon breach notification law goes into effect
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
