A Notice to Our Patients (January 20, 2021 Update)
Einstein Healthcare Network is committed to protecting the confidentiality and security of our patients' information. We are updating our prior notice to our patients of a security incident, which was previously posted in October 2020, that may have involved some of that information.
On August 10, 2020, we identified suspicious activity within a limited number of Einstein employees' email accounts. We immediately took steps to secure the email accounts and an independent computer forensic firm was engaged to assist with our investigation. The investigation indicated that an unauthorized person gained access to the employee email accounts between August 5, 2020 and August 17, 2020. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. Out of an abundance of caution, we reviewed the contents of the email accounts to identify patient information that was contained in the email accounts. Through this review, we identified emails and/or attachments in the accounts that contained patient information, which may have included some patients' names, dates of birth, medical record or patient account numbers, and/or treatment or clinical information, such as diagnoses, medications, providers, types of treatment, or treatment locations. In some instances, patients' health insurance information and/or Social Security numbers were also included in the accounts.
This incident did not affect all Einstein patients, but only those patients whose information was included in the employee email accounts.
As a precaution, on October 9, 2020, we began mailing letters to patients whose information was identified in the accounts. We continued our investigation, which concluded on November 16, 2020, and additional letters are mailing between January 21, 2021 and February 8, 2021. We also have established a dedicated, toll-free call center to answer patients' questions. If you have questions, please call 1-833-689-1142, Monday through Friday, from 9:00 a.m. and 7:00 p.m. Eastern Time. For those patients whose Social Security numbers were included in the email accounts, we are offering complimentary credit monitoring and identity protection services. We also recommend that affected patients review any statements they receive from their health insurers or healthcare providers. If patients see charges for services they did not receive, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of our patients' information. To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment.