Massachusetts General Hospital announced Thursday, August 22, that a data breach in its neurology department has exposed personal records of approximately 9,900 individuals.
According to a report from WCVB, on June 24, MGH officials discovered that an unauthorized third party gained access to its databases related to two computer applications used in neurological studies.
From there, further investigation revealed that hackers were able to gain access to databases containing research data used by neurological researches on June 10 to June 16.
The security breach is said to have exposed data of participants involved in certain research programs. This includes their names, dates of birth, medical record numbers, genetic information, medical histories, and the type of study they had participated in.
Details concerning deceased participants, such as their date of death and autopsy results, were also affected.
The MGH admin, however, maintained that no Social Security numbers and financial information were disclosed because of the breach.
In a news release, the hospital assured:
“The research data did not include any study participant’s Social Security Number, insurance information, or any financial information. The research data did not include any study participant’s address, phone number, or other contact information. The incident did not involve MGH’s medical records systems.”
The MGH claimed they were quick to respond to the issue by taking further steps to block unauthorised access and restore the affected research computer applications and databases. The hospital has also hired a third-party forensic investigator and has notified the federal law enforcement about the issue.
“MGH is in the process of notifying affected individuals. MGH does not believe there are any specific steps research study participants should take because of this incident; the data did not involve any Social Security Number, insurance or financial information,” the release added.
Different cybersecurity experts are joining in the discussion about the possible reason for the hack.
“It’s a very interesting platform to hack,” said cybersecurity expert John Moynihan. “A research database of neurology patients.”
In a report from NBC Boston, Moynihan said it’s likely that whoever is behind the breach could be looking for some valuable pieces of information concerning a particular person.
MGH urges individuals who have any questions to contact them as soon as possible. The hospital also published a general schedule so that affected patients could easily get in touch with them in their preferred time and date.