SPRINGFIELD, Mass. (WWLP) – Baystate Medical Center said Monday around 12,000 patients may have had their personal information compromised, roughly two months after the organization first found out about unauthorized access to an employees email account. 

Spokesperson Shelly Hazlett said the hospital investigated, and found a total of nine accounts had been compromised 

“It don’t surprise me because people somehow keep getting everyone’s identities, even in stores and stuff,” said Theresa Farmer of Springfield.

Hazlett said none of the hospital’s medical records were compromised. She said the compromised email accounts contained some patient information, including health information, names, and birthdays. A limited number of Medicare numbers and social security numbers may also have been accessed.

Baystate is offering any patients whose social security number may have been breached a free year of credit monitoring and identity protection. 

Starting Thursday, a new data breach notification law signed by Governor Charlie Baker will go into effect. It requires a minimum of 18 months of complimentary credit reporting if data including someone’s first and last name, and social security number are compromised. 

“I think that’s fair to be on the safe side. Just gotta be more cautious,” said a Springfield resident.

Baystate declined to be interviewed about the breach but said in a statement they have blocked access to email accounts outside of their network, and are increasing the level of email logging to prevent the incident from reoccurring. 

This isn’t the first time this has happened. Baystate employees fell victim to a similar email phishing scheme back in 2016. Compromising similar information to around 13,000 patients.

Click here if you think you may have been affected by the email phshing incident >>