Skip to main content

Analysis

MGH Data Breach Affects 9,900 People

By John Commins  
   August 26, 2019

The breach in the hospital's Neurology Department did not include Social Security numbers, or insurance or financial information.

Nearly 10,000 people are being notified by Massachusetts General Hospital that an unauthorized third-party had access to their personal information.

The breach affecting as many as 9,900 people occurred between June 10 and June 16 at the renown Boston-based hospital's Department of Neurology, and was traced to two computer applications used its research programs, MGH said in a media release. The breach was discovered on June 24.

"The research data did not include any study participant's Social Security number, insurance information, or any financial information," MGH said. "The research data did not include any study participant's address, phone number, or other contact information. The incident did not involve MGH's medical records systems."

However, the breached data "may have included a participant's first and last name, certain demographic information (such as marital status, sex, race, ethnicity), date of birth, dates of study visits and tests, medical record number, type of study and research study identification numbers, diagnosis and medical history, biomarkers and genetic information, types of assessments and results, and other research information," MGH said.

Some of the breached data was "many years ago," MGH said, and for deceased research participants, included date of death, and a summary autopsy results.

MGH hired a third-party forensic investigator to review the breach, and the hospital contacted federal law enforcement as a precaution.

At this point, the hospital said no action is needed on the part of the research participants because the breach did not involve Social Security numbers, insurance or financial information.

(People who have any questions or would like additional information can call (866) 904-6219, Monday-Friday (9:00 am – 9:00 pm Eastern) or Saturday-Sunday (11:00 am – 8:00 pm Eastern).  

John Commins is a content specialist and online news editor for HealthLeaders, a Simplify Compliance brand.


KEY TAKEAWAYS

The breach affecting as many as 9,900 people occurred between June 10 and June 16 at the renown Boston-based hospital's Department of Neurology.

The breach was traced to two computer applications used its research programs.

The breached data 'may have' included a participants' name, date of birth, medical record number, type of study, diagnosis and medical history, biomarkers and genetic information.


Get the latest on healthcare leadership in your inbox.