Partners HealthCare is notifying approximately 2,600 patients whose private information may have been involved when Partners’ computer network was affected by a sophisticated computer program introduced by an unauthorized third party.
Suspicious activity was discovered on May 8, 2017 by Partners’ monitoring systems, and Partners immediately blocked some of this malware and hired third-party forensic consultants. Based on Partners’ investigation, the malware was not specifically targeted to impact Partners information, and Partners confirmed there was no access to its electronic medical record system.
Based on Partners’ investigation, the malware may have resulted in unauthorized access to certain data resulting from user activity on affected computers from May 8, 2017 to May 17, 2017. As impacted computers were identified, Partners implemented aggressive containment measures to mitigate further impact. As part of its ongoing review, Partners became aware on July 11, 2017 of data that appeared to possibly involve personal and health information. The impacted data was not in any specific format, and it was mixed in together with computer code, dates, numbers and other data, making it very difficult to read or decipher.
After an extensive manual data analysis completed in December 2017, the information involved may have included some health information, including first and last name, date(s) of service, and/or certain limited clinical information such as procedure type, diagnosis, and/or medication. For some patients, Social Security Numbers and financial account data may have been involved. Potentially affected patients have been sent personal letters explaining the type of information involved.
At this time, Partners is not aware of any misuse of patients’ health or personal information. Partners has taken several measures to prevent similar incidents from happening again, including enhancing its security program, controls and procedures and continuing to actively monitor systems for unusual activity. As a precautionary measure, for the limited number of patients whose Social Security Numbers were involved, Partners is offering free credit monitoring and insurance services.
Patients who have questions or would like additional information can call 1-877-218-0056, Monday through Friday, between 9:00 am and 7:00 pm Eastern Time, except during U.S. observed holidays, and should provide the following ten-digit reference number when calling: 3217020118. Information on various steps patients can take to protect their identity and health information is located at on the Partners website here and in the patient letters.
About Partners HealthCare System
Partners HealthCare is an integrated health system founded by Brigham and Women’s Hospital and Massachusetts General Hospital. In addition to its two academic medical centers, the Partners system includes community and specialty hospitals, community health centers, a physician network, a managed care organization, home health and long-term care services, and other health-related entities. Partners is one of the nation’s leading biomedical research organizations and a principal teaching affiliate of Harvard Medical School. Partners HealthCare is a non-profit organization.