Credential Misuse and Data Breach

January 24th, 2016 by admin Leave a reply »

Brigham and Womens Faulkner Hospitals (Brigham) experienced data breach when an unauthorized user obtained an employees network credentials.

According to the reports, the credentials were used to access an employees email account.

Affected information includes full names, dates of birth, medical record numbers, provider name, dates of service, and some clinical information, such as diagnoses and treatments received. However, health insurance information, health insurance numbers, or other financial or account information were not included.

The incident caused data breach to approximately 1,000 individuals as per OCR data breach reporting tool. Brighams patients and patient electronic medical records system were not affected. Only discrete information contained in the single compromised email account was potentially affected.

As per the statement:

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously,Brigham explained in its notification letter. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Leave a Reply