LYNN — The Lynn Community Health Center (LCHC) is in the process of notifying patients of a recent data security incident that impacted the email account of an employee.
Announcement of the breach came earlier this week, when the LCHC notified its clients about the issue.
As of Monday, the LCHC said it has no indication that any of its clients’ personal information was breached.
The incident came to light in July, when the LCHC learned that an unauthorized person had gained access to the email account of one of its employees as a result of a “phishing” scheme. Phishing is when a hacker replicates an email from a trusted source and directs it to a third party. Once that recipient responds, it can be a means to gain unauthorized access to the email account of the recipient.
Upon learning of the incident, LCHC secured the employee’s email account to prevent further access. During its investigation of the incident, it used independent digital forensics experts to determine the scope and extent of the potential breach and to search for any personal information in the impacted account. The organization concluded that the “phishing” efforts were limited to that single account, and were effectively thwarted at the same time.
The LCHC is still investigating, but it found that personal information of current and former patients was contained in the affected email account and, therefore, information such as birth dates, phone numbers, mailing addresses, insurance information, medical record numbers, diagnoses and other clinical information were potentially accessible to the unauthorized individual. However, the LCHC does not believe any of that information got into the hands of any unauthorized person.
The LCHC has begun notifying patients whose personal information was contained in the impacted email account and providing information about potential measures those patients can take to monitor and/or protect their information. Patients whose Social Security numbers may have potentially been impacted received an offer for complimentary credit monitoring and identity theft protection services.
Patients who have questions regarding this incident can call (781) 715-6226 with their contact information. The call will be returned as soon as possible from Monday through Friday.
Steve Krause can be reached at [email protected].
