Analecta Cyber Company Blog: Compromised email account exposed patient information from Brigham and Women’s and Brigham and Women’s Faulkner Hospitals

2016-04-07

Almost a year ago, a phishing incident occurred at Brigham and Women’s and Brigham and Women’s Faulkner Hospitals. According to reports, it happened in April 2015. Now they are reporting yet another incident. This time it involves an email account belonging to one of their own employees. Details of how the hacking scheme was executed have not been disclosed. As a precautionary measure, the hospitals began notifying affected individuals by mail. According to the new report to the Department of Health and Human Services, 1,009 patients were potentially affected.


The hospital made the incident public by posting an official statement on its website. The statement said that by the end of last year, the hospital had discovered that one employee's network credentials had been obtained by an unauthorized party, who used them to access that employee’s email account. The hospital immediately took the necessary measures to secure the compromised account and began an investigation.

Experts assisting investigation

The hospital has reached out to a firm experienced in computer forensics to aid in its investigation. A full evaluation of the compromised email account revealed that a limited number of individuals were potentially affected. Information accessed through the phishing scheme consists of full names, birth dates, medical record numbers, provider names, dates of service, and other clinical information such as diagnosis and treatment received.

On a good note, the account accessed did not include any health insurance numbers or other financial or account information of patients or hospital staff. The investigation also indicated that patients' electronic medical records were not affected. On its website, the hospital also said that not all of its patients' information was accessed, only the information contained in the compromised email account.

Currently, it appears that the accessed information has not been misused in any way. Still, the hospital's management has stated its commitment to securing all sensitive information it maintains and said that necessary measures are being taken to further increase the technical security of its network.