• About
  • Advertise
  • Careers
  • Contact
Saturday, March 25, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Data Breach

Mass. General breach exposes private info on 9,900 in research programs

by Cyber360 News
November 11, 2019
in Data Breach
0
Mass. General breach exposes private info on 9,900 in research programs
0
SHARES
4
VIEWS
Share on FacebookShare on Twitter

A data breach in the neurology
department of Massachusetts General Hospital (MGH) exposed private data,
including genetic information, on 9,900 people participating in research
programs, the hospital said, placing the blame on an “unauthorized third party”
who gained access between June 10 and June 16.

The hospital was quick to point out that “the research data did not include any study participant’s Social Security Number, insurance information, or any financial information” or involve its medical records system. But according to Dan Tuchler, CMO at SecurityFirst, the breach is still “troubling.”

“Medical information,
including medical history, diagnoses and even genetic information, have been
compromised,” said Tuchler. “We don’t have much experience yet in what kind of
lasting damage can be caused with this very personal info, but this is surely
going to grow in the future.”

He said the intrusion “was caused by computer applications used in neurological studies, which would likely be very cutting-edge programs developed by sophisticated computer experts,” but pointed out that “without careful attention to security best practices” even those programs could be vulnerable.

“In fact there are
usually tighter controls on basic business programs that there are on research
programs,” said Tuchler.

The nature of the
breach raises the question as to whether Mass General “outsourced the data or
the research to a third party, perhaps to another country, thus also
outsourcing their security,” said Lucy Security CEO Colin Bastable. “The
medical industry was the first to be phished, over 20 years ago, and it still ‘leads
the way’ in data incontinence.”

It’s not the first breach that Mass General has experienced. In early 2016, an unauthorized individual accessed the network of Patterson Dental Supply, a division of Patterson Companies, a Saint Paul, Minn.-based medical supplies conglomerate, which services MGH with the software used in managing dental practice information, and exposed the PII of 4,300 of the hospital’s patients. The purloined data included patients’ names, dates of birth, Social Security numbers and, in some cases, the particulars of dental appointments.

A year-earlier breach – this time at the hands of an MGH employee who inadvertently sent an email
containing personal information to the wrong email address – exposed the names, lab results and Social Security
numbers of 648 patients.

“Another
case of data breach déjà vu,” said Jonathan
Deveaux, head of enterprise data protection at comforte AG, noting the
commonality between the 2016 and 2019 breaches “is that unauthorized
individuals gained access to sensitive data.”

The latest incident, though, didn’t include SSNs, insurance information or
financial data, which Deveaux cites as a plus. “The decision to not
include data in a database is a good decision from a data privacy point of view,”
he said. “Should the database get exposed, or should unauthorized individuals
gain access, there would be no sensitive data to worry about.”

Whether Mass. General is dealing with an advanced, coordinated attack or overprovisioned access rights to a data resource, neither “is an easy one to address,” said STEALTHbits Technologies CMO Adam Laub. “Sophisticated attackers consistently circumvent security controls with high degrees of success and assessing, reviewing, and adjusting access rights across all data resources – especially in organizations like health care institutions that house sensitive data in virtually every corner of their networks – requires tremendous discipline and commitment monetarily, culturally, and otherwise.”

Mass. General said as soon as it discovered the breach on June 24, “it took steps to prevent further unauthorized access and restore the affected research computer applications and databases,” and also tapped “a third-party forensic investigator to conduct a review and has contacted federal law enforcement as a precaution.” In the wake of the incident, the hospital said that it “continues to review and enhance the security processes in place for its research programs.”

Cyber360 News

Cyber360 News

Next Post
8 suspects behind 3VE have also been identified.

8 suspects behind 3VE have also been identified.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In