Mass General Brigham 2023 Data Breach

Mass General Brigham Health System Breach (2023): 4 Million Patient Records Including Medical Diagnoses Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Cl0p · Ransomware · Medical · Email Address · Full Name · Medical Diagnosis · Phone Number · Physical Address
High Severity · Website / service breach

Integrated healthcare system.

Verified by ObscureIQ Intelligence
72/100 Breach Risk Index
40 Data Value
25 Market Recency
509d Since Breach

Breach Intelligence Summary

Entity: Mass General Brigham · Actor: Cl0p · Sources: 2 references
Attack: Ransomware
Profile: Healthcare provider · Hospital and clinical care services · Integrated health system · USA
Timeline: Breach (2023-05-31) · Indexed (Dec 04, 2024) · Year (2023)
Exposure: 4.1M records · 5 fields: Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address
Status: Reported

Executive Summary

Mass General Brigham Health Plan was hit as part of the Cl0p ransomware group's 2023 campaign targeting Progress Software's MOVEit Transfer file transfer platform. Cl0p exploited a zero-day vulnerability in MOVEit to reach patient data held by Welltok, a health engagement and data analytics vendor used by the health plan. The breach exposed records for approximately 4.1 million patients, making it one of the larger incidents tied to that campaign.

The exposed data included full names, home addresses, phone numbers, email addresses, and medical diagnoses. The combination of contact details and diagnosis information is particularly sensitive. It creates conditions for targeted phishing, insurance fraud, and medical identity theft, where criminals use someone else's information to obtain care or file false claims. The prestige of the Mass General Brigham name can also make impersonation scams more convincing to victims.

Mass General Brigham notified affected patients and offered credit monitoring services following the breach. The health system is among the named parties in the consolidated MOVEit multidistrict litigation, a federal class action proceeding in the District of Massachusetts involving dozens of organizations affected by the same campaign. Affected individuals should remain alert to unsolicited contacts referencing their medical care, monitor their insurance statements for unfamiliar claims, and consider placing a credit freeze if they have not done so already.

ObscureIQ assessment: Severe risk of identity theft, medical fraud, insurance abuse, and targeted phishing. The size and prestige of the institution can also make impersonation scams more effective.

Breach Impact

The 2023 incident was part of the Cl0p ransomware group's zero-day exploitation of Progress Software's MOVEit Transfer platform, accessed through Welltok — a health engagement and data analytics vendor used by Mass General Brigham Health Plan. The breach compromised patient data for approximately 4 million individuals including names, email addresses, phone numbers, home addresses, and medical diagnoses. Mass General Brigham notified affected patients, offered credit monitoring services, and reported the incident to relevant regulators. The system is a named party in the consolidated MOVEit multidistrict litigation in the District of Massachusetts, alongside dozens of other healthcare organizations caught in the same campaign.

About Mass General Brigham

Mass General Brigham is a Boston-based integrated health system formed through the affiliation of Massachusetts General Hospital and Brigham and Women's Hospital, two of the most prominent academic medical centers in the United States. The system operates more than a dozen hospitals and hundreds of outpatient locations across Massachusetts and beyond, with a combined clinical, research, and education mission. It is affiliated with Harvard Medical School and consistently ranks among the top hospital systems in national quality assessments.

Why They Hold Your Data

Integrated health systems collect patient identity, contact, insurance, billing, appointment, and clinical records across hospitals, specialty care, and administrative workflows.

Recent Developments

Mass General Brigham has continued expanding its ambulatory care and community health footprint while managing cost pressures common across large academic health systems. The system has invested in digital health and research infrastructure. No major organizational changes beyond the breach context have been prominently reported in the recent period.

Data Points Exposed

5 verified field types:
  • Email Address
  • Full Name (High)
  • Medical Diagnosis (Critical)
  • Phone Number
  • Physical Address (High)

Exploitation & Downstream Threats

Threat Activity: High
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Medical identity fraud or insurance abuse using health data
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Medical extortion, insurance fraud & discrimination
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat

Threat Actor: Cl0p

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

  • Enable MFA Everywhere: Turn on multi-factor authentication on email first, then financial accounts.
  • Report & Recover: If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Mass General Brigham breach?

Mass General Brigham Health Plan was hit as part of the Cl0p ransomware group's 2023 campaign targeting Progress Software's MOVEit Transfer file transfer platform. Cl0p exploited a zero-day vulnerability in MOVEit to reach patient data held by Welltok, a health engagement and data analytics vendor…

What data was exposed?

Verified fields include Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

  • Breach Index: DataBreach.com (record & field corroboration)
  • ObscureIQ Intelligence: ObscureIQ proprietary analysis (Risk Index scoring & downstream-threat assessment)