On April 4, 2024, Mass General Brigham (MGB) discovered that unauthorized individuals had accessed the personal information of some patients. An investigation, completed on May 28, 2024, revealed that two employees had improperly allowed an unauthorized person to access sensitive data between February 26, 2024, and April 4, 2024. These actions, which violated MGB’s policies, led to the employees’ immediate termination.
The compromised information did not include Social Security numbers, bank details, or credit card information. However, it may have involved personal details such as names, addresses, medical record numbers, dates of birth, email addresses, phone numbers, and health insurance policy numbers. Clinical details, including visit dates, types, locations, reasons for visits, and diagnoses, were also potentially exposed.
To address the incident and prevent future occurrences, MGB has implemented several measures. These include enhancing employee training, improving security protocols, and monitoring existing safeguards. The terminated employees were part of the breach, and MGB is reinforcing its security measures to better protect patient information.
MGB is offering 24 months of free credit monitoring and other protective services through IDX to affected individuals. Detailed instructions on how to activate these services are provided, along with a guide on additional steps patients can take to safeguard their personal information.
Reference:
