Massachusetts General Hospital Data Breach Impacts 10,000 Patients

Massachusetts General Hospital (MGH) has discovered computer applications used by researchers in its Department of Neurology have been subjected to unauthorized access. The individual responsible would have been able to access the protected health information of approximately 10,000 patients.

MGH discovered the breach on June 24, 2019, and immediately terminated access to the applications and databases. An investigation was launched, and a forensic investigator was engaged to help determine the nature and scope of the breach. The investigation confirmed that two applications had been subjected to unauthorized access between June 10 and June 16, 2019.

Via the applications, the unauthorized individual would have been able to view information in databases related to specific neurology research studies. The types of information in the databases varied from patient to patient and may have included name, marital status, age, date of birth, sex, race, ethnicity, dates of visits and tests, medical record number, diagnoses, treatment information, biomarkers, genetic information, assessments and results, and other research information, including date of death and details of autopsy results. Highly sensitive information such as Social Security numbers, financial information, and health insurance information was not exposed.

Based on the findings of the investigation and the nature of the information exposed, MGH does not believe affected individuals need to take any steps to protect their identities. MGH will conduct a review of its security processes for research programs and will take steps to improve security to prevent similar breaches in the future.

Sonoma Valley Hospital Website Hack Forces Domain Change

Sonoma Valley Hospital in California has been forced to abandon its three-letter domain name after hackers took control of the domain.

The attack occurred on August 6. Hackers gained access to its svh.com domain and locked out the hospital. The hospital issued a statement saying it had become clear that the domain could not be recovered, so the decision was taken to move to a new domain.

Internet connectivity and email accounts have now been migrated to sonomavalleyhospital.org. Patients have been advised to update their contact details for the hospital as emails sent to email addresses on the old domain are not being received.

No patient information was compromised in the attack, but that does not mean patients are not at risk. The individuals who now control the domain could use it in phishing attacks on Sonoma Valley Hospital patients.

According to the hospital, the impact of the domain theft cannot be overstated. The hospital will have to change all printed material, including business cards, letterheads, marketing material, and branding.

Author: HIPAA Journal
