Massachusetts General Hospital (MGH) found lately that the computer applications used by the researchers of its Department of Neurology was accessed without authorization. The individual behind the breach may possibly access approximately 10,000 patients’ protected health information (PHI).
MGH became aware of the breach on June 24, 2019 and immediately blocked the software and databases from the hacker’s reach. A forensic investigator investigated the breach to find out the nature and magnitude of the data breach. It was revealed that hacker accessed two applications from June 10, 2018 to June 16, 2019.
The unauthorized individual could possibly view data stored in databases related to some neurology research reports using the applications. The patients had different types of data exposed, which included names, age, birth dates, marital status, sex, ethnicity, medical record numbers, doctor’s visit and testing dates, diagnoses, treatment information, biomarkers, genetic information, evaluations and test results, and other study information, such as time of death and autopsy findings. There was no compromise of highly sensitive information such as Social Security numbers, financial information, and medical insurance information.
Despite the exposure of data, MGH is convinced that affected individuals do not need to do anything to protect their identities. MGH will evaluate its security procedures when it comes to research programs and will reinforce security to prevent the same breaches over time.
Hacking of Sonoma Valley Hospital Website Results in Domain Change
Sonoma Valley Hospital based in California stopped using its three-letter domain name after hackers took control of its domain.
The attack occurred on August 6. Hackers took control of its svh.com domain so that the hospital cannot access it. The hospital said that there is no way to get back the domain and so the hospital got a new domain, sonomavalleyhospital.org. The website is already accessible online with an active email accounts system. Patients were requested to give an update of their contact details to the hospital since their email addresses were not retrieved from the old domain.
Patient data was not compromised in the attack, but the patients are still vulnerable. The people who presently control the domain name could use the information to start a phishing attack on the patients of Sonoma Valley Hospital.
The hospital can’t take the effect of the domain theft lightly. The hospital must change all published information, such as business cards, advertising content, letterheads, and hospital branding.