UMass Memorial Community Healthlink in Worcester reports data breach; hacker gained access to email accounts

WORCESTER — UMass Memorial Community Healthlink reported Monday that it was victimized by a phishing attack and hackers got access to patient information.

Community Healthlink said it had a forensic firm investigate and there is no way to know if hackers viewed sensitive information.

But the hackers did get access to patients’ information, including patients’names, dates of birth, client identification numbers, diagnosis and treatment information, health insurance information, and in limited instances, Social Security numbers.

On April 18, UMass Memorial Community Healthlink learned that an unauthorized individual gained access to the email accounts of two employees’ email accounts, according to a news release. Access was for a limited time on April 18. CHL said it immediately secured the accounts, began an investigation.

UMass Memorial Community Healthlink said it is reviewing all emails in the accounts to identify patients whose information was contained in an email or attachment on the accounts and may have been accessible to the unauthorized person.

UMass Memorial Community Healthlink provides comprehensive behavioral health, addiction and homeless services and is part of UMass Memorial Health Care.

UMass Memorial Community Healthlink said it has begun mailing letters to patients whose information was in the accounts. Anyone with questions is asked to call 1-877-420-0507, from 8 a.m. to 5 p.m. Monday to Friday.

For those patients whose Social Security number was contained in the email accounts, CHL is offering complimentary credit monitoring and identity protection services. CHL also recommends affected patients review any billing or explanation of benefits statements they receive from their health insurers or healthcare providers to see if they are getting billed for something they didn’t receive.

Phishing attacks are scams where people are tricked into providing computer account passwords to people they don’t know. UMass said it will step up training.

In April, Baystate Health in Springfield announced that data belonging to 12,000 patients was left vulnerable to theft following an email phishing attack.

Comments are closed.