Boston-based nonprofit health care system Partners HealthCare is notifying about 3,300 patients about a security breach.
Partners says in November 2014 it discovered that a group of its workers received phishing emails and provided information in response.
Partners says some email communications contained patient information including names, addresses, dates of birth, telephone numbers and Social Security numbers. Partners HealthCare also disclosed that the emails also contained clinical information such as diagnoses, treatments received and insurance information in a clear breach of privacy and HIPAA policy.
Partners said Thursday it contacted law enforcement and has taken steps to secure email accounts.
The breach involved patients at Massachusetts General Hospital, Brigham and Women’s Hospital and several other hospitals affiliated with Partners.