Back to Email phishing

Email phishing

Baystate Health patient records exposed in an email phishing attack.


On April 9, 2019, Massachusetts-based Baystate Health notified its patients that an email phishing attack may have exposed their health records. The exposed information included names, dates of birth, diagnoses, treatment information, medications, health insurance information, medicare numbers, and Social Security numbers.

What happened

Between February 7 and March 7, 2019, an attacker gained access to several medical center employees' email accounts via a phishing email. The medical center immediately enlisted the help of a third-party forensic security firm to contain the attack and secure the accounts.

The subsequent investigations revealed that only the information stored in the compromised email accounts was affected, and the database containing medical records was not impacted. Baystate sent letters to all the affected patients notifying them about the breach. Aside from that, the medical center is offering free credit monitoring and identity protection services for a year to its affected patients.

Since the incident, Baystate has taken steps to improve its security systems. The passwords of the email accounts have been changed, and the email logs are being monitored. More importantly, Baystate is providing phishing attack awareness training to all its employees.

Don't want to make the news for the wrong reasons? Download ManageEngine Exchange Reporter Plus, an Exchange mailbox monitoring and reporting tool that wards off email-bound threats.

How ManageEngine can help

Exchange Reporter Plus provides a host of reports that help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Often the content and sender of malicious emails comes across as valid, tricking users into opening these emails and clicking on links embedded in them, causing serious damage to the business. This is why email attachments deserve scrutiny.

With Exchange Reporter Plus, it's easy to set up filters to guard against malicious attachments—whether they're TXT, PPT, or BAT files.

You can locate emails based on:

  • Attachment name: Display all email messages in your organization that have an attachment with a specific name. Knowing the names of malicious files helps you take necessary steps to stop email-bound threats.
  • Attachment type: Based on an attachment’s file extension, you can spot malicious software transfer over email. Any dubious attachment can be easily identified from these reports.
Attachments by file name keyword
Attachments by file extension keyword

Get started now with your free, 30-day trial of Exchange Reporter Plus.

In addition to that, ManageEngine M365 Manager Plus offers advanced Microsoft 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subjects, attachments, and bodies of emails. With this feature, admins can identify the sender's email address, the platform used by the attacker to compose the email, and the servers it has passed through.

Start your free, 30-day trial of M365 Manager Plus today.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

2022 Zoho Corporation Pvt. Ltd. All rights reserved.