A Notice to Our Patients
Einstein Healthcare Network is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns a security incident that may have involved some of that information.
On August 10, 2020, we identified suspicious activity within a limited number of Einstein employees’ email accounts. We immediately took steps to secure the email accounts and an independent computer forensic firm was engaged to assist with our investigation. The investigation indicated that an unauthorized person gained access to the employee email accounts between August 5, 2020 and August 17, 2020. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. Out of an abundance of caution, we reviewed the contents of the email accounts to identify patient information that was contained in the email accounts. While this review is ongoing, we have identified emails and/or attachments in the accounts that contained patient information, which may have included some patients’ names, dates of birth, medical record or patient account numbers, and/or treatment or clinical information, such as diagnoses, medications, providers, types of treatment, or treatment locations. In some instances, patients’ health insurance information and/or Social Security numbers were also included in the accounts.
This incident did not affect all Einstein patients, but only those patients whose information was included in the employee email accounts.
As a precaution, we are mailing letters to patients whose information was identified in the accounts. We also have established a dedicated, toll-free call center to answer patients’ questions. If you have questions, please call 1-833-689-1142, Monday through Friday, from 9 a.m. and 7 p.m. Eastern Time. For those patients whose Social Security numbers were included in the email accounts, we are offering complimentary 1 year credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If patients see charges for services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients’ information. To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment.