One of the United States’ leading hospitals, Massachusetts General (MGH), has fallen victim to a data breach. All data relating to its dental patients has been stolen.
The data includes patient names, dates of birth and Social Security numbers. MGH was notified of the breach in February, but law enforcement held off on notifications until the investigation was finished.
The hospital is now notifying patients who have been impacted by the breach, but hasn’t released any numbers.
The breach did not occur in MGH’s internal systems; the hackers gained access to a third-party vendor, Patterson Dental Supply Inc. (PDSI). The vendor helps manage dental patient data for MGH as well as several other hospitals.
“This is an instance where a third party has compromised the security of their partner,” stated Jack Danahy, CTO and co-founder of Barkly security located in Boston. “In environments where the information sharing is so important, and so intimate, organizations have a very real responsibility to consider the potential impact of any breach of their own security.”
“Patterson Dental is a very successful provider of products supporting dental practices, including software and technology,” Danahy added. “There was nothing in the reports to indicate that the breach at Patterson was limited to MGH patients and practices, so there may be more breaches reported in the future.”
This may only be the beginning: because Patterson Dental also manages data for other hospitals, the hackers could potentially have gotten away with many more personal records.
“As medical records across the globe become digitized, healthcare organizations have increased pressure to enhance cybersecurity practices from stakeholders and strict regulations, including HIPAA and HITECH,” he said. “Despite this pressure, time and time again, healthcare organizations are falling victim to cyber-attacks that are putting patient data at risk. The industry is still feeling the impact from last year’s Anthem breach and the MGH breach is just another example of how healthcare organizations rely too heavily on traditional security strategies. Healthcare organizations must shift from a reactive, ‘wait-and-see’ approach to a proactive approach and actively hunt for malicious threats to ensure patient data remains safe and secure.”