An unauthorized third party accessed neurology research databases.
Massachusetts General Hospital yesterday notified nearly 10,000 patients of a breach involving its neurology department — and potentially exposing biomarkers and genetic information of participants of research studies.
The hospital learned in June that an unauthorized third party accessed databases related to two computer applications used in the neurology department for research studies.
Two months later, officials are now “in the process of notifying the affected individuals,” according to the notice.
“(Massachusetts General Hospital) does not believe there are any specific steps research study participants should take because of this incident; the data did not involve any Social Security Number, insurance or financial information,” the hospital added.
Research data that could have been compromised include:
“As of this moment, we do not have further details to add to our press release and public notice,” a spokesperson from Massachusetts General Hospital wrote in an email statement to Inside Digital Health™.
After investigating the breach, Massachusetts General Hospital discovered that the unauthorized user had access to databases between June 10 and 16 that contained research data.
Data obtained by the unauthorized did not include the participant’s Social Security Number, insurance or financial information, address, phone number, contact information or Massachusetts General Hospital’s medical records system, the privacy notice claims.
The hospital used a third-party investigator to conduct a review and contacted law enforcement. The hospital also said it continues to review and enhance its research programs’ security processes.
While Massachusetts General Hospital said there are no specific steps participants should take due to the incident, it offered ways for participants to protect their health information.
Among the suggestions, Massachusetts General Hospital recommended that participants review their account statements and report questionable charges to the hospital’s billing office. Participants should also contact their healthcare provider if they update any of their personal information, Massachusetts General Hospital suggested.
Get the best insights in digital health directly to your inbox.