UMass Memorial Medical Group (UMMMG) is notifying a reported roughly 14,000 patients that a former employee may have accessed their personal information outside of normal job duties.

How many victims? Roughly 14,000, according to reports.

What type of personal information? Names, addresses, dates of birth, phone numbers, email addresses, guarantor names, medical record numbers, Social Security Numbers, and credit or debit card numbers used for payments to UMMMG.

What happened? A former employee may have accessed the personal information outside of normal job duties.

What was the response? UMMMG is further strengthening its privacy and information security program, including identifying additional measures and enhancements to existing safeguards to protect patient information. All impacted patients are being notified. The employee is no longer employed with UMMMG.

Details: UMMMG learned on April 9, 2014 that information related to some patients may have been accessed inappropriately and potentially for fraudulent purposes. After further investigation, UMMMG identified an employee who may have accessed the personal information outside of normal job duties from Jan. 7, 2014, to May 7, 2014. On Jan. 28, UMMMG was given permission by law enforcement to notify potentially affected patients.

Quote: “Also, in August 2014, law enforcement advised us that they found copies of some patient billing documents in possession of an unauthorized person,” according to a notification posted to the UMMMG website.

Source:, “Notice for UMass Memorial Medical Group Patients Regarding Former Employee Incident,” Jan. 30, 2015.