A huge phishing campaign has brought Baystate Health to losing an estimated 12,000 individual patient record, the Massachusetts-based healthcare provider disclosed. The affected information that was breached includes full name, birthdate, medical record, diagnostic record, health insurance details, and social security numbers. The records were breached from the period of February to March 2019, and those who were unfortunate to have their social security numbers leaked were offered by the company a free full year of credit monitoring protection.
“This incident did not affect all Baystate patients, and we have no indication any patient information was actually acquired or viewed, or that it has been misused. To help prevent something like this from happening in the future, we required a password change for all affected employees, increased the level of email logging and are reviewing those logs regularly, and have blocked access to email accounts outside of our network unless the access is approved by Baystate,” explained a Baystate representative.
Baystate also emphasized their pivot towards training their employees in the aspects of safe computing and cybersecurity. Whether this will prevent future successful phishing attempts against is the biggest question that needs to be answered though. “As soon as Baystate identified the unauthorized access, each account was secured. Baystate hired an experienced computer forensic firm to assist in this investigation,” emphasized Kevin Hamel, Chief Information Security Officer, Baystate Health.
If not due to suspicious activity of an employee’s email account last Feb 7, 2019, the issue of a data breach could have not been exposed. Baystate is confident that the rest of their system, including the electronic medical records, remained intact, if not millions of patient records could have been lost instead of just 12,000.
“The integrity of our information systems and email security is a high priority, and we are committed to maintaining and securing patient information at all times,” concluded Joel Vengco, Baystate Health’s Senior Vice President/Chief Information Officer. Baystate has stressed that they already contacted all affected parties through snail mail. The company also set up a direct phone number for those patients that require more information and further assistance (1-833-231-3361). They will offer phone support from Monday to Friday, from 9:00 am to 6:30 pm Eastern Time.
Related Resources:
Steps to Prevent Data Breaches Quickly
Data Breach Hits Malaysian University, Personal Data Leaked
Design Website Houzz Caught In Data Breach
Image-I-Nation Supply Chain Data Breach Reported
EU Data Breaches Filed Under GDPR Is Less Than Satisfactory