BreachExchange mailing list archives
Class-action lawsuit filed against Baystate Health over data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 26 Apr 2019 08:18:16 -0500
https://www.masslive.com/business/2019/04/class-action-lawsuit-filed-against-baystate-health-over-data-breach.html A class action suit has been filed against Baystate Health after the data of 12,000 patients was left vulnerable following a February phishing attack. Westfied attorney Kevin Chrisanthopoulos filed the suit April 11 in U.S. District Court here in Springfield. He announced the suit Thursday. A class action suit means Chrisanthopoulos is looking for more plaintiffs to add to the suit seeking monetary damages all the eventual plaintiffs would share. The information compromised in the hack includes patient names, dates of birth, health information (such as, diagnoses, treatment information, and medications), and in some instances, health insurance information, and a limited number of Medicare numbers and Social Security numbers. On February 7, 2019, Baystate Health learned of unauthorized access to an employee’s email account and immediately launched an investigation. During the course of the investigation the health care giant learned that nine employee email accounts were compromised as a result of an email phishing incident. Lead plaintiff Aleyda Torresis of Springfield, says she is now at heightened risk for identity theft and other cybercrime, according to court papers. A Baystate spokeswoman declined to comment on the lawsuit. Baystate Health announced the breach April 8, just three days before the suit was filed but after victims like Torres had been notified. Baysate, in its announcement, outlined the steps it is taking to prevent breaches in the future. Baysate required a password change for all affected employees, increased the level of email logging and are reviewing those logs regularly, and have blocked access to email accounts outside of our network. It is also reinforcing ongoing training and education of all employees focused on detecting and avoiding phishing emails. Baystate it is offering a complimentary one-year membership of credit monitoring and identity protection services for those patients whose Social Security numbers were included. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Class-action lawsuit filed against Baystate Health over data breach Destry Winant (Apr 26)