Supply chain
⛓ Supply Chain
Boston Medical Center Patient Records Breach via MDF Transcription Services
Primary Source ↗Incident Details
Boston Medical Center said it has fired a transcription service after a health care provider reported that the medical records of about 15,000 patients at the hospital were posted without password protection on the vendor’s website used by physicians. Boston Medical Center said it fired a transcription service after a health care provider reported the records of about 15,000 patients at the hospital were posted without password protection on the vendor’s website used by physicians. Black Kite timeline context: Data breached: Unknown. Use of third party: Unknown. Third-party company: Third-party vendor.
Technical Details
- Initial Attack Vector
- MDF Transcription Services, a medical transcription vendor contracted by Boston Medical Center, inadvertently posted patient records to a publicly accessible website without authentication; the records were uploaded to an internet-accessible server rather than a secure private system
- Vendor / Product
- MDF Transcription Services
- Supply Chain Attack
- ✅ Confirmed third-party / vendor compromise
Timeline
- 2014-04-01 Breach occurred
- 2014-04-29 Publicly disclosed