A dental services business associate of Massachusetts General Hospital was hacked and approximately 4,300 affected patients are being notified, the hospital has announced.

In early February, Patterson Dental Supply notified Massachusetts General that an outside party gained access to its electronic files, according to a hospital spokesperson. Protected health information that may have been accessed included patient names, birth dates, Social Security numbers, and in some cases also included date and type of appointment, dental provider names and medical record numbers.

Notification of patients was delayed beyond the HIPAA-prescribed requirement of within 60 days of discovery, at the request of law enforcement agencies. This has become a regular practice in the cyber threat era, because police want all information withheld until the investigation is substantially complete. Patient notifications began on June 29.

Massachusetts General is offering affected patients one year of credit monitoring services from Experian, and the hospital currently remains engaged with Patterson Dental Supply.

In a statement, the hospital said the breach did not involve unauthorized access to any of its information systems or any files maintained by the hospital.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access