The confidential personal information of approximately 12,000 Baystate Health patients was accessed as part of a recent email phishing incident.
The health care system said in a statement that between Feb. 7 and March 7, it learned of "unauthorized access to a limited number of employee email accounts... due to a phishing incident."
An investigation showed patient information was contained in the emails, including patient names and dates of birth, health information including diagnoses, treatment information and medications, and in some cases health insurance information.
Baystate said the incident did not affect all of its patients, and they have no indication that any patient information was actually viewed, acquired or misused.
To be safe, they've begun mailing letters to affected patients and established a call center to answer questions about the breach.
Anyone who thinks they may have been affected is urged to call 1-833-231-3361.
To keep this from happening again, Baystate said it has increased the level of email logging, blocked access to email accounts outside of the network and required all affected employees to change their passwords.
Baystate Health is a nonprofit health care system serving over 800,000 people across western New England. Its facilities include Baystate Medical Center and Baystate Children's Hospital in Springfield and three community hospitals -- Baystate Franklin Medical Center in Greenfield, Baystate Noble Hospital in Westfield and Baystate Wing Hospital in Palmer -- plus a network of more than 80 medical practices, home care and hospice services and laboratory and diagnostic services.