Massachusetts General Hospital announced on Thursday that approximately 10,000 people had their private information revealed in a data breach at its neurology department.
MGH learned on June 24, 2019 that an unauthorized third party had access to two computer applications used by researchers in their neurology department between June 10 and June 16, 2016. The data are related to neurology research conducted by MGH and may include first and last names, date of birth, diagnosis and medical history, among other information.
The data breach did not expose study participants' Social Security Numbers, health insurance or financial information. It also did not include contact information such as addresses or phone numbers.
MGH's medical record system wasn't affected by the breach.
"As soon as MGH discovered this incident, it took steps to prevent further unauthorized access and restore the affected research computer applications and databases," the hospital said in a statement.
MGH is reaching out to affected individuals to inform them of the privacy breach but said that research study participants don't need to take any specific actions because of the incident.
The healthcare industry has long fought to protect patient privacy and ensure data integrity.
Securing health data will become even more critical going forward, especially as new technologies and therapies require the use of more and more sensitive information. And ensuring patient privacy is critical to drawing willing participants for research on developing new medical innovations. In recent months, third-party access to data has been a particular concern for providers, health plans and trade groups.
"This breach is troubling," said Dan Tuchler, chief marketing officer of SecurityFirst. "Medical information, including medical history, diagnoses and even genetic information, have been compromised. We don't have much experience yet in what kind of lasting damage can be caused with this very personal info, but this is surely going to grow in the future."