Partners HealthCare Notifies 2,600 Patients of Malware Attack

Feb. 6, 2018
Partners HealthCare has notified approximately 2,600 patients whose private information may have been breached when Partners’ computer network was impacted by a malware attack last year.

Partners HealthCare has notified approximately 2,600 patients whose private information may have been breached when Partners’ computer network was impacted by a malware attack last year.

The Boston-based health system said that suspicious activity was discovered last May by Partners’ monitoring systems. Partners quickly was able to block some of this malware and hired third-party forensic consultants. Based on Partners’ investigation, the malware was not specifically targeted to impact the organization’s information, and Partners confirmed there was no access to its electronic medical record (EMR) system, according to officials.

Based on Partners’ investigation, the malware may have resulted in unauthorized access to certain data resulting from user activity on affected computers from May 8, 2017 to May 17, 2017. As impacted computers were identified, Partners implemented containment measures to mitigate further impact, officials said.  

As part of its review, Partners became aware in July of data that appeared to possibly involve personal and health information. “The impacted data was not in any specific format, and it was mixed in together with computer code, dates, numbers and other data, making it very difficult to read or decipher,” according to the organization’s statement.

An analysis in December then revealed that the information involved may have included some health information, including first and last name, date(s) of service, and/or certain limited clinical information such as procedure type, diagnosis, and/or medication. For some patients, Social Security Numbers and financial account data may have been involved. Potentially affected patients have been sent personal letters explaining the type of information involved.

At this time, Partners said it is not aware of any misuse of patients’ health or personal information. The health system also said it has taken several measures to prevent similar incidents from happening again, including enhancing its security program, controls and procedures and continuing to actively monitor systems for unusual activity.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?