Lawrence General Hospital in Massachusetts is notifying patients of a breach that occurred in September.
In their disclosure, LGH notes that on September 19, they discovered a “data security incident that disrupted the operations of our IT systems.” Their investigation determined that an unauthorized party “may have accessed its IT systems between September 9, 2020 and September 19, 2020.”
A subset of patients may have had their information accessed.
This information may have included names, LGH-assigned
patient identification numbers, insurance type, and LGH-assigned visit identification numbers. In some very limited instances, clinical information may have been subject to unauthorized access. Fewer than 5 individuals had their Social Security numbers potentially involved.
LGH began mailing notifications to the unspecified number of patients on November 5. They do not seem to be offering any mitigation services, but advise patients to review statements they receive from their healthcare providers and contact providers if they spot anything irregular or suspicious.
This incident does not (yet?) appear on HHS’s public breach tool. Nor does it (yet?) appear on Massachusett’s public list, as that has not yet included entries from November.