Patterson Dental Supply Inc. reported a breach of 4,300 records to its associate Massachusetts General Hospital on February 8, 2016.

According to a Boston Herald report, Massachusetts General Hospital (MGH) stated that a recent breach of Protected Health Information (PHI) affects 4,300 of their patients.

On June 29, MGH posted a press release notifying patients of the third-party breach. Back in February, MGH learned that an unauthorized individual gained access to electronic files stored on Patterson Dental Supply Inc.’s (PDSI) systems. In addition to notifying MGH, PDSI notified law enforcement about the breach. Law enforcement requested that patients not be notified until after the conclusion of the investigation. The restriction was lifted on May 26.

After the investigation, MGH determined that limited information was accessed; however, the information accessed did include patient names, Social Security numbers, dates of birth, and also may have included dates and types of dental appointments, the dental providers, and medical record numbers. These are all types of PHI that HIPAA requires health care organizations to protect.

When this kind of valuable information is breached, both the patients and the health care organizations are put at risk. The patients are at risk for identity theft, among other potential issues, and the health care providers are at risk of losing patients’ trust and business. Plus, the health care organization could lose substantial amounts of money in fines and mitigation costs.

In the release, MGH stated that it is committed to the security of sensitive information and that it regrets any inconvenience this may have caused for patients. MGH began sending letters out to affected individuals on June 29 and has created a call center to answer any questions patients may have. The contact information for the call center is provided in the press release.

This is another incident that spotlights the need for Covered Entities (health care organizations) to check in frequently with their Business Associates to be sure the associates are working to protect sensitive information. According to the HIPAA standards, health care organizations are responsible for the protection of PHI used within their company and used by their associates. Find out more reasons why Covered Entities should be diligent when working with Business Associates in this HIPAAgps article.