Bryan Lambert reports:
Mass General Brigham says some patients may have had personal information exposed after two employees allegedly allowed an unauthorized person access to private records.
The hospital says on April 4 it was made aware of an incident where patients’ personal info, including name, address, medical record number, date of birth, email address, phone number, and health insurance policy number may have been exposed.
An investigation by the hospital revealed two employees may have allowed an unauthorized person to do some of their job duties and see some patients’ personal information between February 26, 2023, and April 2, 2024.
The hospital says the two employees were fired.
Read more at Boston 25 News.
The hospital’s substitute notice can be found on its website. DataBreaches emailed MGB to ask two questions:
- Whether the non-employee accessed patient data directly from their system, and
- When MGB discovered the breach, was it able to get the non-employee’s device(s) to securely wipe any patient data? Did the non-employee sign any attestation about secure deletion and non-use of any data in the future?
No reply was immediately available.