Massachusetts General Hospital notified 10,000 patients that their personal health information have been exposed to a data breach.
An unauthorized third party gained access to two computer programs used by researchers in the hospital’s neurology department, the organization stated.
Massachusetts General Hospital took immediate steps to secure the programs.
Patient data that may have been affected included names, dates of birth, medical record numbers, and medical histories.
No Social Security numbers or financial information were affected.
Source: https://informationsecuritybuzz.com/massachusetts-hospital-notifies-10k-patients-of-data-breach/
TPRM report: https://scoringcyber.rankiteo.com/company/massachusetts-general-hospital
"id": "mas11210423",
"linkid": "massachusetts-general-hospital",
"type": "Breach",
"date": "08/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 10000,
'industry': 'Healthcare',
'location': 'Massachusetts',
'name': 'Massachusetts General Hospital',
'type': 'Hospital'}],
'attack_vector': 'Unauthorized Access',
'data_breach': {'number_of_records_exposed': 10000,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'dates of birth',
'medical record numbers',
'medical histories']},
'description': 'Massachusetts General Hospital notified 10,000 patients that '
'their personal health information have been exposed to a data '
'breach. An unauthorized third party gained access to two '
'computer programs used by researchers in the hospital’s '
'neurology department, the organization stated. Massachusetts '
'General Hospital took immediate steps to secure the programs. '
'Patient data that may have been affected included names, '
'dates of birth, medical record numbers, and medical '
'histories. No Social Security numbers or financial '
'information were affected.',
'impact': {'data_compromised': ['names',
'dates of birth',
'medical record numbers',
'medical histories'],
'systems_affected': ['two computer programs used by researchers in '
'the neurology department']},
'response': {'communication_strategy': ['notified 10,000 patients'],
'containment_measures': ['took immediate steps to secure the '
'programs']},
'threat_actor': 'Unauthorized third party',
'title': 'Data Breach at Massachusetts General Hospital',
'type': 'Data Breach'}