Brigham and Women's Hospital reports data breached via Tableau
Take action: Graphs and visualizations are perfect. Just insist on proper anonymization of the dataset for public use - even if it means creating a bit of redundancy in data. Otherwise you risk the same problem of exposing the linked data to the graphs - which is usually hundreds if not thousands of records containing sensitive data.
Learn More
Brigham and Women's Hospital (BWH) has reported a breach of personal information in research data relating to an unnamed study or a quality improvement project involving the same dataset.
The breach occurred when BWH posted research data graphs on two studies, one research and one quality improvement study on the data analytics Tableau public platform. The graph inadvertently containing publicly accessible links to the source content which had personal and health information.
For the research study, the graphs were posted on the public version of the Tableau tool on February 25, 2018. For the quality improvement project, the graphs were posted on the public version of the Tableau tool on January 14, 2023.
The accessibility of the links to data was unintentional and spanned from February 25, 2018, to June 13, 2023.
The affected patients had been informed via letters by BWH. The disclosed personal information may contain have encompassed
- participants' names,
- addresses,
- medical record numbers,
- dates of birth,
- email addresses,
- phone numbers,
According to BWH officials, clinical details like diagnoses, lab results, medications, and procedures connected to the study or project may also have been exposed.
Social Security numbers, financial account numbers, other health insurance data, or debit/credit card numbers were not involved in this incident
The number of impacted individuals are not disclosed, nor any details of whether they are protected in any way.
