Baystate Health, of Springfield, Mass., reported that several employees last week responded to a phishing email compromising patient information.
How many victims? Potentially 13,000
What type of information? Patient's names, birth date, diagnoses, treatments, medical record number and some included health insurance identification numbers. Financial and Social Security data was not exposed.
What happened? On August 22 Baystate was informed that five employees had responded to a phishing scam that gave hackers access to some employee email accounts. Some of the compromised employee emails contained patient information. So far Baystate is unaware if any of the data has been used for fraudulent activities.
What was the response? Baystate immediately took action to secure the compromised email accounts, began an internal investigation and notified law enforcement of the situation. The institution has also created a training program to teach workers about phishing emails and has sent letters to those who may have been affected.
Details? The phishing email was socially engineered to appear like an internal corporate memo. Baystate did not say how many employees received the phishing email, but noted that five were fooled and responded opening up the gate for the malicious actors.
Quote? "Baystate is committed to protecting private information and is taking this matter very seriously.”
Source: Baystate Health