Cyber Incident Victim: Einstein Healthcare Network

Date: Aug 2020

Location: United States of America

Summary

Einstein Healthcare Network experienced unauthorized access to several employee email accounts over a multi-day period, compromising patient information that potentially included names, dates of birth, medical record numbers, treatment details, and clinical data such as diagnoses and medications. A subset of affected individuals also had health insurance information, Social Security numbers, or driver’s license numbers exposed. While forensic analysis could not confirm whether the unauthorized actor viewed or misused the data, notification letters were distributed to impacted patients, with complimentary credit monitoring offered to those whose sensitive identifiers were involved. The organization secured the accounts, engaged external forensic experts, and implemented additional email security measures alongside staff retraining to mitigate future risks.

Description

Einstein Healthcare Network detected suspicious activity in a limited number of employee email accounts on August 10, 2020. The organization immediately secured the accounts by resetting passwords and engaged an independent forensic firm to investigate. The investigation revealed unauthorized access occurred between August 5 and August 17, 2020, though it could not confirm whether the intruder viewed any emails or attachments. A subsequent review of account contents identified patient information including names, dates of birth, medical record numbers, treatment details (diagnoses, medications, provider names), and clinical locations. A subset of records contained more sensitive data such as Social Security numbers, driver's license numbers, and health insurance information. The breach exclusively affected patients whose data resided in the compromised email accounts, with no evidence suggesting system-wide network infiltration.

Einstein initiated patient notifications in January 2021—approximately five months after discovery—though the provided materials did not explain this delay. The organization established a toll-free call center (1-833-689-1142) operating weekdays from 9 a.m. to 7 p.m. Eastern Time to address patient inquiries. For individuals whose Social Security numbers or driver's license numbers were exposed, Einstein offered complimentary credit monitoring and identity protection services. The healthcare network reinforced staff training on identifying suspicious emails and implemented additional email security enhancements. While no evidence indicated actual misuse or data viewing by the unauthorized party, Einstein advised affected patients to vigilantly review insurance statements and medical bills for unrecognized charges. The public disclosure included a dedicated webpage (einstein.edu/datasecurity) for supplemental information but did not quantify the number of impacted individuals.
