Partners HealthCare Notifies 2,600 Patients of Malware Attack | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Partners HealthCare Notifies 2,600 Patients of Malware Attack

February 6, 2018
by Rajiv Leventhal
| Reprints

Partners HealthCare has notified approximately 2,600 patients whose private information may have been breached when Partners’ computer network was impacted by a malware attack last year.

The Boston-based health system said that suspicious activity was discovered last May by Partners’ monitoring systems. Partners quickly was able to block some of this malware and hired third-party forensic consultants. Based on Partners’ investigation, the malware was not specifically targeted to impact the organization’s information, and Partners confirmed there was no access to its electronic medical record (EMR) system, according to officials.

Based on Partners’ investigation, the malware may have resulted in unauthorized access to certain data resulting from user activity on affected computers from May 8, 2017 to May 17, 2017. As impacted computers were identified, Partners implemented containment measures to mitigate further impact, officials said.  

As part of its review, Partners became aware in July of data that appeared to possibly involve personal and health information. “The impacted data was not in any specific format, and it was mixed in together with computer code, dates, numbers and other data, making it very difficult to read or decipher,” according to the organization’s statement.

An analysis in December then revealed that the information involved may have included some health information, including first and last name, date(s) of service, and/or certain limited clinical information such as procedure type, diagnosis, and/or medication. For some patients, Social Security Numbers and financial account data may have been involved. Potentially affected patients have been sent personal letters explaining the type of information involved.

At this time, Partners said it is not aware of any misuse of patients’ health or personal information. The health system also said it has taken several measures to prevent similar incidents from happening again, including enhancing its security program, controls and procedures and continuing to actively monitor systems for unusual activity.

2018 Boston Health IT Summit

Renowned leaders in U.S. and North American healthcare gather throughout the year to present important information and share insights at the Healthcare Informatics Health IT Summits.

August 7 - 8, 2018 | Boston

Topics

News

VA Chief Information Officer Scott Blackburn Resigns

The Department of Veterans Affairs’ (VA) acting chief information officer (CIO), Scott Blackburn, has resigned from his position, effective immediately.

HIT Advisory Committee Advances Recommendations on Core Data for Interoperability

The Health Information Technology Advisory Committee, a federal advisory committee to the Office of the National Coordinator for Health IT (ONC), voted Wednesday to approve nine recommendations to update the list of data elements that vendors must exchange to be considered interoperable.

ACP Study: Only 37 Percent of MIPS Measures Are Valid

A new study from the American College of Physicians Performance Measurement Committee rated as valid only 37 percent of the 86 Quality Payment Program measures for 2017 deemed relevant to ambulatory general internal medicine.

Intermountain Healthcare Launches Study to Unlock Genomic Data

Researchers from the Salt Lake City, Utah-based Intermountain Healthcare have announced a long-term prospective study that they think has the potential to help physicians and others unlock genomic data.

UNC Health Care Receives HIMSS Analytics Stage 7 Designation

UNC Health Care, an integrated health care system based in Chapel Hill, N.C., has achieved Stage 7 designation on the HIMSS Analytics’ Electronic Medical Record Adoption Model (EMRAM).

FDA Announces Plan to Advance Medical Device Safety and Cybersecurity

The Food and Drug Administration (FDA) has announced new proposals aimed at advancing medical device cybersecurity, including placing new responsibilities on manufacturers, both before and after their devices hit the market.