Massachusetts General Hospital suffers major data breach involving the private records of some 9,900 research patients

The Massachusetts General Hospital has suffered a major data breach involving private health information involving the records of some 9,900 research patients used by Neurology researchers at the hospital. The data stolen included names, dates of birth, medical record numbers and medical histories. The breach occurred between June 10 and June 16 at the hospital’s Department of Neurology, and was traced to two computer applications used its research programs, MGH said.The breach was discovered on June 24.

“The research data did not include any study participant’s Social Security number, insurance information, or any financial information,” MGH said. “The research data did not include any study participant’s address, phone number, or other contact information. The incident did not involve MGH’s medical records systems.” However, the breached data “may have included a participant’s first and last name, certain demographic information (such as marital status, sex, race, ethnicity), date of birth, dates of study visits and tests, medical record number, type of study and research study identification numbers, diagnosis and medical history, biomarkers and genetic information, types of assessments and results, and other research information,” MGH said.

Some of the breached data was “many years ago,” MGH said, and for deceased research participants, including date of death, and a summary autopsy results.

MGH hired a third-party forensic investigator to review the breach, and the hospital contacted federal law enforcement as a precaution.

The hospital said no action is needed on the part of the research participants because the breach did not involve Social Security numbers, insurance or financial information.