Partners HealthCare Systems has published an announcement on its website that personal and health-related data belonging to its patients was potentially exposed to unauthorized access. According to the notice, on November 25, 2014, a group of Partners HealthCare employees responded to phishing emails, which may have allowed "unauthorized access to the workforce members' email accounts" within Partners' network.
When the company learned of the scheme, they notified law enforcement and secured the targeted accounts.
Boston-based Partners said that affected email accounts contained personal information, such as patients' names, addresses, dates of birth and phone numbers. In some cases, Social Security numbers and clinical information – including details about diagnosis and treatment, health insurance information and medical records numbers – were accessible, the notice said.
AP reports that around 3,300 patients would notified about the incident. Partners said there is currently no evidence that any information is being misused.