Patients' private information at Brigham and Women’s was accessed in 2023 data breach, officials say

Some patients’ personal information was compromised in a 2023 data breach that Brigham and Women’s Physician Organization (BWPO) became aware of in January, according to authorities.

A spokesperson for the company says this notification to patients is a follow-up to a cyberattack on multiple major Massachusetts health insurers last year.

According to officials, on January 29, 2024, Harvard Pilgrim Health Care informed BWPO that a file on a Harvard Pilgrim server from 2019 that contained a limited amount of patient data from Brigham and Women’s was affected in a data breach. BWPO does not own or operate Harvard Pilgrim.

On April 17, 2023, Harvard Pilgrim became aware of a cybersecurity ransomware incident, determining that it happened sometime between March 28, 2023, and April 17, 2023, according to officials.

Investigators found that an employee at Harvard Pilgrim Health Care Institute, who was also employed at BWPO part-time, reportedly backed up the contents of their laptop in 2019 to Harvard Pilgrim’s systems. Harvard Pilgrim then determined that this 2019 file had been accessed by an unauthorized third party in connection with the 2023 ransomware attack.

In January 2024, Brigham and Women’s says it became aware that some patients’ personal information was disclosed in the data breach, including name, address, phone number, date of birth, medical record number, health insurance number, and limited clinical information (like lab results, procedures, medications, and diagnoses) from between January 1, 2017, and May 1, 2019.

A spokesperson for BWPO says no Social Security Numbers, financial account numbers, or debit/credit card numbers were compromised, and affected individuals have been notified.

“Although the incident did not occur on BWPO systems, BWPO is fully committed to protecting the privacy and security of personal information,” a spokesperson wrote in a press release. “BWPO has taken appropriate steps to address this matter and prevent something like this from happening in the future.”

Individuals who have any questions or would like further information about this matter can call the following toll-free number: 833-294-2020 during the hours of 8:00 a.m. to 4:00 p.m. EST, Monday through Friday, or can contact BWPO by email at bwhcHIPAA@partners.org.

This is a developing story. Check back for updates as more information becomes available.
