Thousands of records have been hacked at Massachusetts General Hospital.
About 9,900 patients who took part in research studies have had personal information stolen, according to a statement released Thursday by hospital officials.
The information included names, birth dates, genders, races and ethnicities, as well as health care data like genetic background, diagnosis, medical history, assessments and results.
"That would probably be the worst invasion of privacy you could have," said cyber security expert John Moynihan. "Stealing information about a medical diagnosis."
The hospital is not saying who may be responsible for the data breach, but it says federal law enforcement has been notified.
To Moynihan, that could be a critical clue. It could mean a foreign government is responsible.
Security firm FireEye reported this week health care data is being targeted.
"They're looking to gather research data on our methods, on our health care and our treatment methods," said Moynihan, founder of Minuteman Governance.
The hack did not include Social Security numbers, insurance information or any other financial data, according to the hospital.
The patients who were impacted were taking part in studies in the Department of Neurology.
Moynihan says it's possible, though not likely, that whoever stole the data was looking for information on a particular person.
"It's a very interesting platform to hack," said Moynihan. "A research database of neurology patients."
The security breach happened in June and the hospital says it has been in the process of notifying patients.