The Massachusetts General Hospital has suffered a major data breach involving private health information involving the records of some 9,900 research patients used by Neurology researchers at the hospital. The data stolen included names, dates of birth, medical record numbers and medical histories. The breach occurred between June 10 and June 16 at the hospital’s Department of Neurology, and was traced to two computer applications used its research programs, MGH said.The breach was discovered on June 24.
“The research data did not include any study participant’s Social Security number, insurance information, or any financial information,” MGH said. “The research data did not include any study participant’s address, phone number, or other contact information. The incident did not involve MGH’s medical records systems.”
Some of the breached data was “many years ago,” MGH said, and for deceased research participants, included date of death, and a summary autopsy results.
MGH hired a third-party forensic investigator to review the breach, and the hospital contacted federal law enforcement as a precaution.
The hospital said no action is needed on the part of the research participants because the breach did not involve Social Security numbers, insurance or financial information.