4,300 records breached at Massachusetts General Hospital in Boston

The incident involves a third-party vendor.
By Bernie Monegain
11:22 AM

A third-party vendor is responsible for the security breach of the protected health information of 4,300 patients at Massachusetts General Hospital.

Hospital executives posted an apology on the hospital website on June 29.

The opening salvo: “Massachusetts General Hospital is deeply committed to the security and confidentiality of our patients’ information, including any such information maintained by our third-party vendors.”

Mass General learned on February 8 that an unauthorized individual gained access to electronic files used on Patterson Dental Supply Inc. systems. Mass General later confirmed it contained some MGH dental practice information.

PDSI reported the incident to law enforcement officials, who required notification to potentially affected individuals and any public announcement of the incident be withheld while they were conducting their investigation.

Investigators lifted the requirement on May 26, and Mass General “began notification as quickly as possible once we completed our investigation,” the notice states.

[See also: Millions of patient records reportedly for sale on the dark web after ransom demand.]

“Based on our investigation, with the cooperation of PDSI, we determined that the files stored by PDSI included limited information related to some of our dental practice patients,” MGH said in a statement.

The information included patient name, date of birth and Social Security number and, in some instances, may have also included date and type of dental appointment, dental provider name and medical record number. The breach did not involve any unauthorized access to any of MGH’s systems or to any files maintained by MGH, hospital officials stated.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.