Partners HealthCare Employees Duped into Revealing Patient Data

Partners HealthCare system in Boston is not giving much information on a breach it discovered in November 2014 and made public on April 30.


In November, a group of employees fell victim to “phishing” emails that appeared to be legitimate and asked for patient information. That information included patient names, addresses, dates of birth, telephone numbers, and in some cases Social Security numbers, clinical information such as diagnoses and treatment, medical record numbers and health insurance information, according to the announcement. In total, about 3,300 patients are affected and are being notified.


In its notice to patients, the organization is not offering credit and identity protection services, but it has set up a call center to answer questions and is advising patients to review explanation of benefits statements from their health insurer to confirm that the listed services are legitimate.

“We deeply regret any inconvenience this may have caused you,” the notice concludes. “To help prevent something like this from happening in the future, we have re-enforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information.”

The notice does not explain why patient notification took five months; it is possible that the delay was at the request of law enforcement agencies. A Partners spokesperson did not return two telephone calls asking for more information.