Phishing Attack Suffered by Brigham and Women’s and Brigham and Women’s Faulkner Hospitals

Boston’s Brigham and Women’s Hospital has warned patients of a security breach after a phishing attack compromised the email account of a hospital worker. The cyberattack affected 1,009 patients.


Late last year, a Brigham and Women’s Hospital worker fell for a phishing attack that resulted in the login credentials of an email account being disclosed to the attacker. The account contained a small amount of PHI belonging to a small fraction of patients of Brigham and Women’s Hospital and Brigham and Women’s Faulkner Hospital in Boston.

According to a breach notification posted on the Brigham and Women’s Hospital website, only one email account was affected and the electronic health record system was not affected. Health insurance numbers, Social Security numbers, and financial account information were not exposed in the attack, although affected patients may have had the following information exposed: name, provider name, date of birth, date of service, medical record number, and treatment and health diagnosis information.

Although the attacker gained access to the email account, the hospital has not received any reports that patient data have been misused. Breach notification letters were mailed to all affected patients on January 11, 2016, to alert them to the privacy breach.

The unauthorized access to the email account was discovered on November 13, 2015, although the breach notice does not say when the attack actually occurred.

Phishing Attack Underscores Need to Conduct Regular Anti-Phishing Training

The data breach underscores the risk of phishing attacks faced by healthcare providers and shows how important it is for them to conduct regular HIPAA training sessions on phishing prevention to manage that risk. Regular anti-phishing training exercises have been shown to be highly effective at preventing phishing attacks from succeeding. The more often phishing training is provided, the better staff members become at recognizing possible phishing emails.

The phishing attack has prompted Brigham and Women’s Hospital to strengthen the technical safeguards used to protect network credentials, and further training on email and network security is being provided to its workforce in an effort to prevent further cyberattacks from succeeding.

Earlier Security Incidents Affecting Patients of Brigham and Women’s and Faulkner Hospitals

Patients of Brigham and Women’s Faulkner Hospital and Brigham and Women’s Hospital were affected by the Partners Healthcare System phishing attack reported to OCR in May of last year. 2,252 patients were also affected by 3 separate privacy breaches suffered in 2011, 2012, and 2014, each of which involved the theft of unencrypted devices used to store ePHI.


Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.