Cyber Incident Victim: Mass General Brigham
Date: May 2017
Location: United States of America
Summary
Partners HealthCare System experienced a malware attack discovered through monitoring systems, prompting immediate containment efforts and an investigation with third-party experts. The non-targeted malware did not compromise electronic medical records but potentially enabled unauthorized access to unstructured data from affected computers over several days, mixing personal and health information with code and other non-sensitive elements. After extensive analysis, approximately 2,600 patients were notified that exposed data might include names, service dates, clinical details like diagnoses or medications, and for some, Social Security numbers or financial account information, though no misuse was identified.
Description
On May 8, 2017, Partners HealthCare System detected suspicious activity on its computer network through internal monitoring systems, leading to the discovery of a malware intrusion by an unauthorized third party. The organization immediately blocked portions of the malware and initiated an investigation with third-party forensic consultants to assess the scope and mitigate impacts. Analysis confirmed the malware was not specifically designed to target Partners' infrastructure, operations, or data repositories, and investigators verified no compromise of the electronic medical record system. However, further review revealed the malware potentially enabled unauthorized access to data generated through user activity on compromised computers between May 8 and May 17, 2017. Partners implemented aggressive containment measures on affected devices as they were identified during the investigation.

On July 11, 2017, investigators identified unstructured data that appeared to contain personal and health information intermingled with computer code, numerical values, and other non-formatted data, complicating analysis. Partners conducted an extensive manual review of this data, concluding in December 2017 that approximately 2,600 patients were affected. The exposed information potentially included patient names, dates of service, clinical details such as diagnoses, procedures, or medications, and—for a subset—Social Security Numbers and financial account data. Partners stated no evidence suggested actual misuse of the compromised information. Notifications were issued to impacted individuals as a precautionary measure following the completion of the data analysis. The organization emphasized ongoing efforts to enhance security protocols but did not disclose specific technical details about the malware or initial attack vector.
