ProMedica, a nonprofit health care system, is notifying nearly 600 patients of Bay Park Hospital in Ohio that a former employee had been accessing their personal information, without authorization, for about a year.
How many victims? 594.
What type of personal information? Names, dates of birth, diagnoses, hospital visit numbers, attending physicians, medications, and other clinical information.
What happened? A former employee had been accessing the patient information, without authorization, for about a year.
What was the response? The employee's access to patient information was deactivated and the staffer is no longer employed by ProMedica. Current employees will be receiving training on data privacy. All impacted individuals are being notified, and offered a year of identity theft protection services.
Details: The former employee accessed the patient information between April 1, 2013, and April 1. The security breach was discovered on April 2. The former employee was not directly treating the impacted patients, and it was not made public exactly why the former employee was accessing the data.
Quote: “Based on our records, we don't believe the information accessed by the employee contained any financial information, including Social Security numbers, or that the employee intended to retain any viewed information,” according to a statement.
Source: toledoblade.com, The Blade, “ProMedica patients' data may be at risk,” May 29, 2014.