On Monday, Boston's Beth Israel Deaconess Medical Center reported a security breach that could have compromised the personal information of 2,021 radiology patients, Boston Business Journal reports (Moore, Boston Business Journal, 7/19).
Details of Breach
Officials said the hospital's intrusion detection system identified the breach after a radiology workstation computer was found to be transmitting data to an unknown location via the Internet (Goedert, Health Data Management, 7/19).
The hospital said a computer service vendor had failed to restore proper security settings after performing routine maintenance on the machine (Bray, Boston Globe, 7/19). The workstation later was found to be infected with malware that used a port on the workstation to encrypt and transmit data.
Compromised Patient Data
Some of the patient information contained in the workstation included:
- Medical record numbers; and
- Dates of radiology procedures performed.
The workstation did not contain Social Security numbers or any financial data.
Hospital officials said that they are unsure what type of data were exposed in the breach because the transmitted data was encrypted.
Beth Israel CIO John Halamka said, "It could be nothing but operating system information [that] was transmitted, but we don't know."
Beth Israel has notified affected patients and offered them one year of paid identity theft protection services.
The hospital also permanently disabled the radiology workstation's capacity to connect to the Internet and installed new anti-virus software to monitor suspicious activity (Health Data Management, 7/19).