Analecta Cyber Company Blog: 13K Patients’ Data at Risk after Phishing Attack

2016-11-07

Patient data at Baystate Health in Springfield, Massachusetts, is believed to be at risk after 5 employees responded to a phishing email. About 13,000 patients’ personal data were potentially exposed through unauthorized access attributed to an email phishing scam.

Baystate Health discovered the phishing campaign on August 22. The phishing email had been sent to several employees, 5 of whom responded to it. That gave the hackers entry to those employees’ email accounts. Baystate Health officials said that some of the hacked email accounts contained patient information. Officials added that the phishers concealed their identity by making the email appear to be a health system memo to employees. Upon learning of the incident, Baystate Health immediately took action to secure the accounts and initiated an investigation.

The emails contained patients’ names, diagnoses, treatments, dates of birth, and medical record numbers, and some included health insurance ID numbers. Fortunately, records such as Social Security numbers and financial information were not included.

Baystate Health sent a notification letter to its patients on October 21, although there was no evidence that information had been taken and inappropriately used.

Officials at Baystate Health released a statement assuring patients that they are taking the matter seriously. The health system increased its employee training on phishing emails to prevent the same incident from ever happening again. It plans to run continuous training on the matter so that employees will be able to deal properly with phishing attacks when they happen.