The Boston Globe reports on a security breach that affected individuals’ medical privacy:
Boston Medical Center said it fired a transcription service after a health care provider reported the records of about 15,000 patients at the hospital were posted without password protection on the vendor’s website used by physicians.
The records contained patients’ names, addresses, and medical information, including what drugs they were taking, but did not include Social Security numbers or financial information, said Jenni Watson, the hospital’s chief of staff.
Watson said Boston Medical Center sent letters to the patients notifying them of the data breach on the website operated by MDF Transcription Services and its subcontractors. She said the hospital had no reason to believe the information was viewed by outsiders or misused. […]
In a statement, Boston Medical Center said doctors’ notes typically posted on the vendor’s site with password protection “could have potentially been accessed by non-authorized individuals.”
The hospital had been doing business with the vendor for about 10 years but it was not clear how long the physicians’ notes had been left unprotected on the site.