Mass General Brigham has reported an internal data breach involving unauthorized access to patient health records by an employee without a valid business reason. Affected individuals are now being notified.
Mass General Brigham Data Breach Investigation
Mass General Brigham, one of the largest healthcare systems in Massachusetts, recently disclosed a breach of protected health information (PHI) due to unauthorized employee access. On August 28, 2025, the organization discovered that a workforce member accessed patient medical records without an appropriate business need.
According to the notification sent to impacted individuals, the records accessed may have included a range of personally identifiable and medical information. While no Social Security numbers, financial data, or credit card numbers were involved, the exposed data included names, contact details, driver’s license numbers, medical record numbers, and sensitive clinical information such as diagnoses, medications, lab results, and treatment details.
Mass General Brigham acted promptly upon discovery. The unauthorized access was stopped, and the individual responsible was held accountable. The organization has since reinforced its privacy protocols and committed to ongoing workforce education and training to prevent future incidents.
This breach is especially concerning because it involved deliberate employee misconduct. While cyberattacks often receive more attention, internal data misuse can be equally damaging, especially when it comes to healthcare data, which is both personal and highly sensitive.
The organization is encouraging patients to review the details of the incident and take recommended steps to protect themselves. For individuals affected, this incident may qualify for legal action given the nature of the data accessed.
When Did This Breach Occur?
Mass General Brigham discovered the breach on August 28, 2025.
What Information Was Breached?
- Full name
- Address
- Date of birth
- Driver’s license number
- Phone number
- Medical record number
- Email address
- Clinical information (diagnoses, medications, lab results, treatment data)
What You Can Do
If you were notified by Mass General Brigham regarding this breach, you should:
- Request a copy of any police report if you file one regarding identity theft.
- Consider placing a credit freeze with the major credit bureaus to prevent new accounts being opened in your name.
- Review your medical records and insurance statements for unauthorized treatments or inaccuracies.
- Contact Mass General Brigham’s Privacy Office if you have questions or need support.
- Speak to Class Action U to learn about your legal options and whether you’re eligible to join a lawsuit.
Even when financial data isn’t exposed, the unauthorized disclosure of health information can have serious emotional, reputational, and legal implications. Protect your data and understand your rights.
