Cyber Incident Victim: Brockton Hospital

Signature Healthcare Brockton Hospital detected suspicious activity within its email environment on November 4, 2021. An investigation confirmed unauthorized individuals had accessed the email accounts of several clinicians during a period spanning from October 16, 2021, to November 4, 2021. The hospital engaged a leading forensic security firm to conduct a thorough assessment of the breach and verify the integrity of its computer systems and network. Investigators determined the compromised email accounts did not appear to have been targeted specifically for the purpose of obtaining patient data. No evidence emerged suggesting actual misuse of protected health information occurred during the intrusion, though the hospital acknowledged the possibility of unauthorized PHI access could not be definitively eliminated. The forensic review confirmed the security of Signature Healthcare's broader infrastructure despite the email account compromises.

The exposed email accounts contained patient information including first and last names, sex, birthdates, dates of hospital visits, test results, medical record numbers, diagnoses, and medical histories. This incident affected 9,798 patients treated at Brockton Hospital. Signature Healthcare emphasized its systems remained secure outside the breached email accounts and reiterated no signs of data exploitation had been identified. In response, the organization initiated a review of its technical controls and operational procedures to identify vulnerabilities. It committed to implementing enhanced security measures to reduce the likelihood of future email breaches, though specific mitigation steps were not disclosed publicly. The hospital directly notified affected individuals about the exposure of their information while maintaining transparency about the absence of documented misuse.