por
Thomas Dworetzky, Contributing Reporter | October 27, 2016
Another day, another patient-privacy cybercrime.
Baystate Health in Massachusetts announced this week that on August 22, it “learned that a phishing email had been sent to several Baystate employees allowing hackers to access some employees’ email accounts.”
The email looked like a regular “internal Baystate memo to employees.”

Ad Statistics
Times Displayed: 109208
Times Visited: 6638 MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013
Email accounts were secured when the breach was discovered and an investigation begun.
In total, five Baystate employees responded to the email — which let hackers gain access to their accounts. Information on 13,000 patients was contained in the emails exposed to the cyber-invaders.
“What we need to do and what we can do every day going forward, is train and retrain, and educate and reeducate our workforce,” Baystate Health Media Spokesman Brendan Monahan
told WWLP news following the incident. “So when one of these phishing attacks comes in, they know what it looks like and they’re not tempted to click on it.”
“While we have no evidence that any patient information has been taken or misused, we want to assure our patients that we take this incident very seriously,” said Baystate, adding that the hackers may have had access to patients’ names, birth dates, diagnosis, treatment received, medical record number and, in some instances, health insurance identification number.
No Social Security numbers, credit card numbers or other financial information was exposed and no patient medical records were accessed.
Letters were sent Oct. 21 to those possibly affected.
This is just the latest in an ongoing cyber-assault on health care providers.
In August, Arizona-based Banner Health reported that a massive data hack beginning June 17 had affected the records of as many as 3.7 million individuals who were patients, health insurance plan members, food and drink customers, doctors, and others.
The attack was unearthed by Banner on July 7, 2016, when it determined that attackers may have
gained unauthorized access to computer systems that process payment card data at food and beverage outlets at some Banner Health locations.
“The attackers targeted payment card data, including cardholder name, card number, expiration date and internal verification code, as the data was being routed through affected payment processing systems,” Banner stated.
In February, Hollywood Presbyterian Medical Center in Los Angeles
paid hackers $17,000 ransom to reclaim its computer network after an attack.