A health system employee accessed electronic medical records from Memorial Hermann Health System in Houston. The records were accessed for more than six years.
How many victims? 10,604 patients, according to various news outlets
What type of personal information? Names, addresses, medical record numbers, dates of birth, health insurance information, and, in some cases, Social Security numbers
What happened? A health system employee accessed electronic medical records for non-work related purposes from December 2007 to July 2014.
What was the response? The hospital suspended the employee's access to the medical records and launched an investigation with outside forensic experts.
Details: Affected patients were notified through letters and told to call a dedicated phone line with questions. No financial information was accessed.
Quote: “Although privacy training is in place for all employees, Memorial Hermann continues to investigate and to review its privacy policies and practices in an effort to prevent something like this from happening in the future,” according to a press release on the health system's website.
Source: memorialhermann.org, “Memorial Hermann Notifies Patients of Privacy Incident,” Aug. 29, 2014.