An email phishing incident has impacted thousands of Baystate Health patients.
According to Baystate Health Spokesperson Shelly Hazlett, Baystate Health made the announcement Monday and said it has mailed letters to patients.
Hazlett said the organization was made aware of unauthorized access to an employee’s email on February 7 and immediately started an investigation. During the investigation, it was discovered that nine employee email accounts had been compromised as a result of an email phishing incident.
The investigation also found that the email accounts contained some patient information including names, birthdays, health information, and in some cases health insurance information, a limited number of Medicare numbers, and a limited number of social security numbers.
However, no patient medical records or any of Baystate’s electronic medical record systems were impacted. Hazlett said the incident impacted approximately 12,000 patients.
A direct call center for impacted patients has been established. Anyone impacted will get information from Baystate Health via direct mail and can call the center at 1-833-231-3361 between 9 a.m. and 6:30 p.m. Monday through Friday.
Baystate Health is also offering patients whose social security numbers were included, a free one-year membership of credit monitoring and identity protection services.
To prevent a similar incident from happening in the future, Baystate Health has required all impacted employees to change their passwords, increased the level of email logging, is regularly reviewing the email logs, and has blocked access to email accounts outside the network.
Baystate Health is also reinforcing their current training and education of employees focused on detecting and avoiding phishing emails.