Email Breach of 3,300 People
Boston-based nonprofit health care system Partners HealthCare, a group of affiliated hospitals, is notifying about 3,300 patients of a HIPAA Cyber Security Email Breach.
Partners, which is made up of Brigham and Women’s Hospital, Massachusetts General Hospital, Faulkner Hospital, Cooley Dickinson Hospital, Newton-Wellesley Hospital, North Shore Medical Center, Martha’s Vineyard Hospital, Nantucket Cottage Hospital, Neighborhood Health Plan, McLean Hospital, Partners HealthCare at Home, Spaulding Rehabilitation Network, Partners Community Healthcare, Inc., and MGH Institute of Health Professions, says that in November it learned a group of its workers received phishing emails and provided cyber security information in response. Phishing emails trick their targets into handing over passwords or clicking on links that install malicious programs.
An Email Breach is defined as the intentional or unintentional release of secure information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak and data spill. Incidents range from concerted attacks by black hats with the backing of organized crime or national governments to careless disposal of used computer equipment or data storage media.
A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property.
According to the nonprofit consumer organization Privacy Rights Clearinghouse, a total of 227,052,199 individual records containing sensitive personal information were involved in security breaches in the United States between January 2005 and May 2008, excluding incidents where sensitive data was apparently not actually exposed.
Partners says some emails contained patient information including names, addresses, dates of birth, telephone numbers and Social Security numbers, as well as clinical information such as diagnoses, treatments received and insurance information.
Partners said Thursday it contacted law enforcement and has taken steps to secure email accounts regarding the email breach. It says it has no evidence any patient information has been misused.
Under federal law, Partners has to report this to the Department of Health and Human Services (HHS), and a fine could be assessed if Partners is found to be negligent in properly safeguarding against a Cyber Security Email Breach.
The Cyber Security Email Breach involved patients at Massachusetts General Hospital, Brigham and Women’s Hospital and several other hospitals affiliated with Partners as mentioned above.