“Massachusetts General Hospital is deeply committed to the security and confidentiality of our patients’ information, including any such information maintained by our third-party vendors.” That’s the apology issued by Massachusetts General Hospital in Boston following a data breach that netted a hacker 4,300 patient records.
The data thief accessed the files through a third party vendor, Patterson Dental Supply, Inc. The good news is that the hacker wasn’t able to access Mass General’s systems, but it goes to show that your security is only as good as the weakest link, including the security used by vendors.
Mass General first discovered that an unauthorized user had accessed the data almost five months ago in early February and reported it to the authorities, but they were told to hold off on notifying victims and the public while the investigation was ongoing. That finished in late May and Mass General began notifications as soon as they could.