Massachusetts General Hospital hit with data breach affecting 4,300 patients

A third-party vendor is responsible for the security breach of the protected health information of 4,300 patients at Massachusetts General Hospital.

Hospital executives posted an apology on the hospital website on Wednesday.

The opening salvo: "Massachusetts General Hospital is deeply committed to the security and confidentiality of our patients' information, including any such information maintained by our third-party vendors."

[Also: Data breach costs hit $4 million, are most expensive, Ponemon finds]

Mass General learned on February 8 that an unauthorized individual gained access to electronic files used on Patterson Dental Supply Inc. systems. Mass General later confirmed it contained some MGH dental practice information.

PDSI reported the incident to law enforcement officials, who required notification to potentially affected individuals and any public announcement of the incident be withheld while they were conducting their investigation.

Investigators lifted the requirement on May 26, and Mass General "began notification as quickly as possible once we completed our investigation," the notice states.

"Based on our investigation, with the cooperation of PDSI, we determined that the files stored by PDSI included limited information related to some of our dental practice patients," MGH said in a statement.

The information included patient name, date of birth and Social Security number and, in some instances, may have also included date and type of dental appointment, dental provider name and medical record number. The breach did not involve any unauthorized access to any of MGH's systems or to any files maintained by MGH, hospital officials stated.

Twitter: @Bernie_HITN