Florida-based Memorial Healthcare System is notifying nearly 9,500 patients that a recent data breach might have exposed their personal information, CMIO reports (Byers, CMIO, 4/13).
Details on the Breach
On Jan. 27, MHS discovered that two employees improperly accessed patient data with the intent of filing false tax returns. Although no medical records were taken, MHS officials said the employees could have accessed patients':
- Dates of birth; and
- Social Security numbers (LaFave Grace, Modern Healthcare, 4/13).
Kerting Baldwin, a spokesperson for the five-hospital system, did not indicate whether any of the notified patients had experienced identity theft (LaMendola/Gehrke-White, South Florida Sun Sentinel, 4/13). Baldwin also did not provide information on whether the patient data were encrypted, citing the ongoing investigation.
Response to the Breach
MHS has fired both employees who inappropriately accessed the patient data. According to Baldwin, the hospital system also is "actively cooperating with law enforcement."
In a statement, MHS said it will provide affected patients with one year of no-cost credit-monitoring services and access to support through a call center.
To prevent future breaches, the health care system said it has "continued to refine its privacy policies, to reinforce with all staff the importance of handling patient information and to enhance many of its auditing controls by taking advantage of recent advances in best-practice technology" (Modern Healthcare, 4/13).