Beth Israel Suffers Security Breach

Beth Israel Deaconess Medical Center, a research and teaching hospital affiliated with Harvard Medical School, said Monday that a recent breach in security may have released more than 2,000 medical records of radiology patients.

The computer had recently undergone maintenance work, and the service vendor failed to restore the existing security controls following the procedure. According to Beth Israel spokesperson Jerry Berger, intrusion detection software picked up unusual activity, which turned out to be a virus sending out encrypted patient information to an unknown location.

The affected computer, which was stored in a locked room, contained patients’ gender, date of birth, medical record numbers, and details about their radiology procedures.

“Because federal law requires disclosures where dates of birth are involved, we opted to make this disclosure in an abundance of caution,” Berger said.

Immediately upon discovering the virus, the hospital shut down the computer, cleaned its system, and re-installed the affected software. They also set up updated security controls in order to prevent future virus attacks.

“BIDMC takes this incident and the protection of protected health and personal information extremely seriously,” Beth Israel Chief Information Officer John D. Halamka said in a statement. “We are grateful no Social Security numbers or financial information was released and apologize for the inconvenience and deeply regret any concern this situation may cause.”

The hospital is currently in the process of sending out letters to all affected patients and will provide them with free identity theft protection services for one year.

—Staff writer Leanna B. Ehrlich can be reached at lehrlich@college.harvard.edu.