Boston University’s Framingham Heart Study (FHS), one of the nation’s longest-running and most influential cardiovascular research studies, was the target of a cyberattack that compromised sensitive data of 15,448 participants. The study, which has tracked the health of participants across three generations since its inception in 1948, was interrupted when hackers gained access to the study’s server. Although Boston University’s IT specialists and those from FHS acted quickly to contain the breach, hackers were able to copy and download files containing personal and medical information.
The breach affected various types of personal data, including Social Security numbers, but less than 2% of the participants’ information was impacted by the exposure of Social Security numbers. Following the cyberattack, Boston University worked alongside federal agencies, such as the National Institutes of Health (NIH) and the U.S. Department of Health and Human Services (HHS), to investigate the incident, analyze how it happened, and ensure that appropriate support is provided for the participants.
In response to the breach, BU has notified all affected participants, providing them with guidance on how to protect their personal information. For those whose Social Security numbers were exposed, the university is offering free credit monitoring services. Additionally, the university and FHS have continued working with federal agencies to enhance their digital security measures to prevent future attacks and mitigate any adverse effects on participants.
This breach highlights the growing concerns over cybersecurity within the healthcare industry, where valuable personal data remains a prime target for cybercriminals. While there was no ransom demand in this case, the healthcare sector has seen a marked increase in cyberattacks, particularly ransomware attacks, in recent years. As BU and FHS move forward, they remain committed to addressing the incident, providing necessary support to the participants, and reinforcing security protocols to safeguard the sensitive data of those involved in the study.
Reference:
