SPRINGFIELD, Mass. (WWLP) – About 13,000 patients of Baystate Health may have had some of their personal information compromised, due to a “phishing” e-mail that was received by some staff members.
According to a Baystate Health news release sent to 22News, the information may have included names and dates of birth, in addition to medical information, such as diagnoses and the type of treatment the patient received, and even perhaps health insurance identification numbers. Social Security numbers and billing information were definitely not compromised, Baystate says.
Baystate Health learned about the phishing e-mail on August 22. The e-mail, which was sent to several employees (five of whom replied to it), was designed to look like a legitimate internal memo. By responding to the e-mail, those five employees potentially had their accounts accessed by hackers.
“While we are not certain that these e-mails were viewed, and we have no evidence that any of the information has been taken or misused, we began mailing letters to affected individuals on October 21, 2016, and we have established a dedicated call center to answer any questions individuals may have,” the release states.
Baystate Health Media Spokesman Brendan Monahan told 22News their IT department is not at fault for the breach. Baystate Health says that they are increasing employee training on the issue of phishing emails, to ensure something like this does not happen again. “What we need to do and what we can do every day going forward, is train and retrain, and educate and reeducate our workforce,” says Monahan. “So when one of these phishing attacks comes in, they know what it looks like, and they’re not tempted to click on it.”
Baystate’s IT department has been sending employees fake hacker emails to train them on what to look for. Meanwhile, the FBI is working to trace and find the hackers responsible.