The hospital admitted on Monday that an unnamed computer service vendor had failed to restore security settings on the computer after performing maintenance. The computer was later found to be infected with a computer virus, which transmitted data files to an unknown location.
The data files included patients’ names, medical record numbers, gender, and birth dates for 2,021 patients. However, they did not contain social security numbers or financial information, the hospital said.
“BIDMC takes this incident and the protection of protected health and personal information extremely seriously,” said John Halamka, BIDMC’s chief information officer. “We are grateful no social security numbers or financial information was released and apologize for the inconvenience and deeply regret any concern this situation may cause.”
Halamka said that the hospital shut down the computer, cleaned it, and reinstalled all the software to ensure the virus was no longer present. Following the incident, BIDMC updated its security controls.
The hospital is providing affected patients with access to state and federal resources, a toll-free telephone number, and one year of identity protection services.