Massachusetts General Hospital delays notifying 10,000 patients two months after data breach
Exploit: Unauthorized database access
Massachusetts General Hospital: The largest teaching hospital of Harvard Medical School
Risk to Small Business: 1.555 = Severe: Massachusetts General Hospital (MGH) has begun notifying patients of a data breach in two of the hospital’s computer programs. The event first occurred in June, but the hospital waited more than two months before notifying patients, significantly restricting their opportunity to take precautionary measures before the data is further misused. Now, MGH is incurring the cost of third-party security analysts, and they will be subjected to additional regulatory scrutiny because of the sensitive nature of their business.
Individual Risk: 2.428 = Severe: The data breach exposed personal information for patients participating in select clinical trials. The information includes patient names, dates of birth, medical record numbers, and medical histories. However, Social Security numbers and financial data was not exposed to hackers. Despite the elongated timeframe, those impacted by the breach should review their accounts for suspicious activity, and they should enroll in identity monitoring services to ensure their information’s security moving forward.
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Especially for businesses operating in highly-regulated industries, protecting personal information is of the utmost importance. However, when a mistake is made, every business needs to supportive resources in place to hasten a full recovery and to begin repairing the intense reputational damage that accompanies a cybersecurity incident. In doing so, companies protect their customers, which could make a big difference when securing their loyalty in the future..
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
