New York-based Montefiore Medical Center notified patients on Sept. 18, 2020, of a security breach involving a former employee stealing 4,000 patient records.
According to the announcement, the employee utilized the health system to access the personal information of thousands of patients in the hospital. The hospital discovered the incident in July and immediately reported the incident to the New York City Police Department.
Patients’ personal information like complete names, addresses, dates of birth, and Social Security numbers were compromised in the breach. Individuals that visited the hospital between January 2018 to July 2020 are affected by the security breach.
Montefiore said they have no evidence showing that any patient information has been used for identity theft. Meanwhile, the employee was fired and an NYPD investigation is underway.
“Montefiore deeply regrets this incident and will not tolerate any violation of patient privacy. In support of all HIPAA guidance and laws, we view this activity to be criminal in nature, and are fully cooperating with law enforcement as the case moves forward,” stated Montefiore in its health system update.
Given the situation, the medical center is extending help to patients affected by the breach. Montefiore is offering identity theft protection services, recovery services, one-year credit monitoring, and a $1 million insurance policy.
Training and Background Checks
All employees have no access to the patient’s records without work-related reasons. Moreover, it’s equipped with technology that notifies or alerts the system if anyone violates the security protocol.
In addition to the detective system, the medical center also conducts criminal background checks and privacy and security training to help employees understand the importance of personal information and risks.
According to the hospital, the suspect received all necessary training for handling patient records, but failed to cooperate, and violate the Code of Conduct in place. With the hospital’s sophisticated technology, it was able to detect improper access to electronic patient records.
Following the incident, the hospital said to expand its monitoring capabilities and to enhance the employee training programs to safeguard its patients and uphold standards. Those affected by the breach can reach out to the hospital via their hotline at 1-833-755-1027 or may visit here for more questions.
Montefiore was also hit by a cyberattack following Blackbaud’s data breach. On September 14, the medical center notified some of its patients for a possible breach as its data storage vendor was hit by a hacking incident.
