Breach

Vendor fired for risking data on 15K Boston Medical Center patients

April 30, 2014

Roughly 15,000 patients of Boston Medical Center are being notified that unauthorized access could have been gained to their personal information because a website used by physicians was not password protected by the site's operator and hospital's vendor, MDF Transcription Services.

How many victims? About 15,000. 

What type of personal information? Names, addresses and medical information, including drugs the patients were taking.

What happened? A website used by Boston Medical Center physicians to post patient medical records was not password protected by the site's operator and hospital's vendor, MDF Transcription Services.

What was the response? Upon discovery of the incident, Boston Medical Center alerted MDF and the website was taken down that day. All impacted individuals are being notified. Boston Medical Center fired MDF.

Details: Boston Medical Center learned of the incident on March 4. The hospital – which had a 10-year relationship with MDF – does not know how long the information was available without password protection.

Quote: “We have no evidence that any unauthorized individuals actually looked at the records,” Jenni Watson, chief of staff of Boston Medical Center, said.

Source: bostonglobe.com, The Boston Globe, “Boston Medical Center fires vendor after data breach,” April 29, 2014.

prestitial ad