SPRINGFIELD, MA — Baystate Health officials have issued a warning notice to its patients after learning an email phishing incident might have exposed patients’ confidential information.
In the notice, Baystate says they learned of unauthorized access to employee email accounts between February 7 and March 7.
After an investigation was launched, the health organization found that some patient information was contained in the email accounts, including patient names and dates of birth, health information (such as, diagnoses, treatment information, and medications), and in some instances health insurance information, Medicare numbers, and Social Security numbers.
However, Baystate’s electronic medical records were not involved or compromised.
While Baystate determined the incident has not affected all of its patients, it did however impact approximately 12,000.
The organization says in an abundance of caution, they started mailing letters to affected patients on April 5.
“We recommend that affected patients review the statements they receive from their healthcare providers and healthcare insurer. If they see services they did not receive, please contact the insurer or provider immediately,” the notice stated. “For those patients whose Social Security numbers were included in the email accounts, we are offering a complimentary one year membership of credit monitoring and identity protection services.”
In an effort to prevent a phishing incident in the future, Baystate has blocked access to email accounts outside of its network, increased the level of email logging and reviews and has required all affected employees to change passwords.
The organization also plans to continue its ongoing employee training focused on how to detect and avoid phishing emails.
Baystate Health has established a dedicated call center to answer any questions in regards to the incident. Patients are welcome to call 1-833-231-3361 from 9 a.m. to 6:30 p.m., Monday through Friday.