Beth Israel Deaconess Medical Center in Boston reported that more than 2,000 patients may have had radiology-related information transmitted to an unknown location due to a security breach.
Security was violated after a vendor failed to restore security controls following routine maintenance, according to the institution. A computer workstation in a locked room infected with a computer virus was transmitting data to an unknown location.
The computer, which was used for scanning images of exams performed at radiology facilities external to the hospital's radiology department, stored patient names, gender, date of birth, hospital medical record numbers, and the date and name of radiology procedures for 2,021 patients. The computer did not store any social security numbers or financial data, according to Chief Information Officer Dr. John Halamka.
After the virus was discovered transmitting its hard drive data to a cloud-based server, the computer was cleaned and all software reinstalled to ensure that the virus was no longer present, the hospital stated in a press release.
Affected patients have been offered one year of identity protection services by the hospital, and a dedicated toll-free telephone line has been established to answer questions and to provide support.
