Hackers may have accessed medical and personal information, including Social Security numbers, about 3,300 patients at Partners HealthCare, the health system said Thursday.
The breach happened when some Partners employees responded to phishing e-mails, which allowed unauthorized access to their e-mail accounts. Some of the e-mails contained private patient information, including Social Security numbers, addresses, phone numbers, and information about medical treatments and health insurance.
Partners said it discovered the issue in November and has since done an investigation, contacted authorities, and taken steps to secure e-mail accounts.
“When we learned of this, we took steps to secure the email accounts and contacted law enforcement,” spokesman Rich Copp said. “We notified patients as soon as we could determine their information may have been affected.”
Partners said it had no evidence patient information had been misused, but is nonetheless asking the affected patients to monitor the documents they receive from their insurers for suspicious activity.
The people affected by the breach include patients of Brigham and Women’s Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital. Patients were notified by mail Thursday.
Partners said its electronic health records system was not affected.