Baystate Health which is based in Massachusetts recently suffered data breach when several of its employees had fallen victim to a phishing scam. The incident potentially impacted the information of approximately 13,000 patients.
Baystate Health is a not-for-profit integrated health care system. It is serving over 800,000 people in western New England. More than 140 years, Baystate Health has been providing skilled and compassionate health care in the region. More than 12,000 team members works for Baystate Health. It is one of western Massachusetts’ strongest economic engines.
On August 22, 2016, facility learned that five of its employees replied to a phishing email. As per the reports, the email was designed by hackers to look like an internal Baystate memo. Certain patient information was accessed by the hackers.
Social Security numbers and other financial information were not included in the emails. Affected information includes patient names, dates of birth, diagnoses, treatments received, medical record numbers and, in some instances, health insurance identification numbers.
Baystate believes that there is no indication that patient information was misused. Facility took steps to secure the email accounts and began an investigation. The incident is also reported to law enforcement.
“Baystate is committed to protecting private information and is taking this matter very seriously,” the statement read. “To help prevent a similar event from happening again, we are increasing our employee training about phishing emails.”
Baystate did not mention number of affected individuals. But as per the OCR data breach reporting tool, accurately 13,112 individuals were affected.
As per the Baystate, “We mailed letters to people who may have been affected. If you believe you may be affected and have not received a letter by November 5, 2016, or if you have any questions about this incident, please call.”
Alertsec is the easiest way to ensure that any data stored on a laptop is encrypted at all times and kept secure even if the device is lost or stolen.