Data Breach of 10K at Massachusetts General Hospital Puts Study Participants' Genetic Info At Risk

Massachusetts General Hospital yesterday notified nearly 10,000 patients of a breach involving its neurology department — and potentially exposing biomarkers and genetic information of participants of research studies.

The hospital learned in June that an unauthorized third party accessed databases related to two computer applications used in the neurology department for research studies.

Two months later, officials are now “in the process of notifying the affected individuals,” according to the notice.

“(Massachusetts General Hospital) does not believe there are any specific steps research study participants should take because of this incident; the data did not involve any Social Security Number, insurance or financial information,” the hospital added.

Research data that could have been compromised include:

• Participant’s first and last name
• Demographic information such as marital status, sex, race and ethnicity
• Date of birth
• Dates of study visits and tests
• Medical record number
• Type of study and research study identification numbers
• Diagnosis and medical history
• Biomarkers and genetic information
• Types of assessments and results
• Other research information

“As of this moment, we do not have further details to add to our press release and public notice,” a spokesperson from Massachusetts General Hospital wrote in an email statement to Inside Digital Health™.

After investigating the breach, Massachusetts General Hospital discovered that the unauthorized user had access to databases between June 10 and 16 that contained research data.

Data obtained by the unauthorized did not include the participant’s Social Security Number, insurance or financial information, address, phone number, contact information or Massachusetts General Hospital’s medical records system, the privacy notice claims.

The hospital used a third-party investigator to conduct a review and contacted law enforcement. The hospital also said it continues to review and enhance its research programs’ security processes.

While Massachusetts General Hospital said there are no specific steps participants should take due to the incident, it offered ways for participants to protect their health information.

Among the suggestions, Massachusetts General Hospital recommended that participants review their account statements and report questionable charges to the hospital’s billing office. Participants should also contact their healthcare provider if they update any of their personal information, Massachusetts General Hospital suggested.

Get the best insights in digital health directly to your inbox.

Related

Cyberattack Threats to Watch For in Healthcare So Far in 2019

Report: How Hackers Attack Healthcare, Compromise Cybersecurity

Patient Records Compromised in Breaches Doubled in First Half of 2019