Employees of Partners HealthCare Fall Victim to Phishing Attack
Businessinsurance.com reported that Partners Healthcare Inc., a Boston-based health care provider, announced that personal information of its patients was revealed by its employees by unknowingly answering "phishing' emails.
The health care system is affiliated with Brigham and Women's Hospital and Massachusetts General Hospital among others did not reveal the number of patients infected by the incident but the news reports said that around 3,300 patients were infected.
Partners Healthcare revealed in an official statement that employees received the phishing emails and believed them to be genuine and responded to them with all information. Businessinsurance.com reported that employees revealed all information which included names, addresses, telephone numbers, date of birth and in some cases, social security number.
It (Partners Healthcare) said that employees also revealed clinical information of some patients like diagnosis, treatment received, medical record numbers, codes of medical diagnosis or information about health insurance.
Partners confirmed that the unfortunate attack did not compromise its own electronic medical records. Partners added that it had informed law enforcement agencies after learning of the attack and hence, an investigation launched.
The company said that till date, they have no proof about misuse of any patient's details. But, as a precaution, we started notifying affected patients and have launched a committed call center for answering patient queries.
We also suggest that distressed patients review the statements of explanation of benefits ("EOB") which they get from their health insurance company. It added that if you see services on your EOB which were not availed, you should contact your insurance provider immediately.
We sincerely regret for any inconvenience which you might face.
Wbur.org published news quoting the company as saying "To thwart something like this to happen in future, Partners HealthCare has re-enforced education to workforce member regarding 'phishing' and is improving its present technical safeguards to protect the information of patients."