Yesterday, Massachusetts General Hospital (MGH) announced it had begun notifying 4,300 patients of a security breach that may have compromised their personal information.

The data was being stored by a third-party vendor called Patterson Dental Supply Inc. (PDSI) when it was accessed by hackers on February 8.

PDSI reported the data breach to law enforcement when it was discovered, and was advised to conceal all information about it until after the investigation was complete.
The files that were stored by PDSI included “limited information” regarding the patients such as patient name, date of birth and the patient’s Social Security number. It may have also included the date of an appointment and the type of appointment made, the dentist’s name and the patient’s medical record number.

Michael Morrison, a spokesperson for the hospital, told HCB News that the patients who were affected by the incident are being provided with one year of credit monitoring services.

MGH said that it is committed to the security of sensitive information maintained by third-party vendors, and that the hospital is taking the situation very seriously. It has started mailing letters to the patients involved and has established a call center dedicated to answering questions about the breach.

PDSI has also taken steps to enhance the security of its systems but has not specified the actual steps.

Health IT Homepage