Brigham and Women’s Hospital reports data breach of patients

Brigham and Women’s Hospital notified patients that a publicly accessible link to some personal and health information was inadvertently posted to the public version of the data analytics tool.

Brigham and Women’s Hospital released a statement and sent a letter to affected patients on Aug. 4 alerting them that specific research data posted on Tableau’s website in 2018 and in 2023 inadvertently included a publicly accessible link to some personal and health information.

Collected in connection with the original unnamed study – or in connection with a quality improvement project that included that study’s data – the personal information disclosed may have included the name, address, medical record number, date of birth, email address and phone number of patients that participated in the related research, said BWH officials in Friday’s announcement.

“The clinical information disclosed may have included your diagnosis, lab results, medications, and procedures collected as part of the study or project,” health system officials say they learned on June 8. “Not all individuals had the same data involved.”

That means the links were publicly accessible between Feb. 25, 2018, and June 13, 2023.

The hospital stated that there was no “access to or release of” Social Security numbers, financial account numbers, other health insurance information or debit/credit card numbers.

“These graphs were posted on the internet via the public website for the Tableau tool and were created to provide only high-level and summary information,” said BWH officials, noting that the health system is reviewing its privacy and security requirements governing use of Tableau software. Healthcare IT News