Partners HealthCare system in Boston is not giving much information on a breach it discovered in November 2014 and made public on April 30.
In November, a group of employees fell victim to “phishing” emails that appeared to be legitimate and asking for patient information that included patient names, addresses, dates of birth, telephone numbers, and in some cases Social Security numbers, clinical information such as diagnoses and treatment, medical record numbers and health insurance information, according to the announcement. In total, about 3,300 patients are affected and being notified.
The organization in a notice to patients is not offering credit and identity protection services, but has set up a call center to answer questions and also is advising patients to review explanation of benefits statements from their health insurer to confirm the listed services are legitimate.
“We deeply regret any inconvenience this may have caused you,” the notice concludes. “To help prevent something like this from happening in the future, we have re-enforced workforce member education regarding phishing’ emails and are enhancing our existing technical safeguards to protect patient information."
The notice does not explain why patient notification took five months; it is possible that the delay was at the request of law enforcement agencies. A Partners spokesperson did not return two telephone calls asking for more information.
This story originally published by Information Management's sister brand, HealthData Management.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access