Dive Brief:
- Partners HealthCare is notifying 3,300 patients of a security breach that it discovered in November.
- A group of employees received phishing emails and provided information in response; some of that information included clinical information, names, addresses, dates of birth and social security numbers.
- Partners says there is no evidence so far that the data has been misused. The breach involved patients at Massachusetts General, Brigham and Women's and several other Partners affiliates.
Dive Insight:
This isn't a big breach, but there are a couple of takeaways here. Number one, phishing, in which criminals attempt to trick providers into providing information via bogus emails, is becoming an increasingly serious risk. Remember: the breach of 39,000 patients that Seton Healthcare announced this week was a phishing scam.
According to a report from e-mail security company Agari, the healthcare industry is falling behind in preserving the privacy and security of e-mail communications. Agari reports that healthcare providers have the lowest "TrustScore" when it comes to keeping online communication secure; an e-mail from a healthcare provider is "four times more likely to be fraudulent than one that is purportedly from a social-media company like Facebook," the company says.
The other big takeaway here is the importance of staff training in preventing a breach. Emphasizing data privacy and security and training staff to be suspicious of email requests for patient information is an important part of any data security strategy.