Partners HealthCare system in Boston is not giving much information on a breach it discovered in November 2014 and made public on April 30.

In November, a group of employees fell victim to “phishing” emails that appeared to be legitimate and asking for patient information that included patient names, addresses, dates of birth, telephone numbers, and in some cases Social Security numbers, clinical information such as diagnoses and treatment, medical record numbers and health insurance information, according to the announcement. In total, about 3,300 patients are affected and being notified.

Also See: 200 Organizations Sought to Assess their Cyber Threats for Free

The organization in a notice to patients is not offering credit and identity protection services, but has set up a call center to answer questions and also is advising patients to review explanation of benefits statements from their health insurer to confirm the listed services are legitimate.

“We deeply regret any inconvenience this may have caused you,” the notice concludes. “To help prevent something like this from happening in the future, we have re-enforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information."

The notice does not explain why patient notification took five months; it is possible that the delay was at the request of law enforcement agencies. A Partners spokesperson did not return two telephone calls asking for more information.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access