BreachExchange mailing list archives
Confidential info taken from Med Center patients
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 22 Mar 2017 15:36:17 -0500
http://www.bgdailynews.com/news/confidential-info-taken-from-med-center-patients/article_bbc3aa82-f779-591a-9660-0a12813def15.html A federal agency is investigating a breach of confidential information from patients at certain Med Center Health facilities. Irregularities were discovered during a January internal investigation, and the information was then given to law enforcement officials, who discovered the apparent breaches happened August 2014 and February 2015, according to a news release from Med Center Health. “When Med Center Health reported this incident to law enforcement, they asked that Med Center Health delay notification to patients or public announcement of the incident until now so as not to interfere with their investigation,” the release said. “Now that law enforcement’s request for delay has ended, Med Center Health is notifying patients as quickly as possible. We are actively working alongside law enforcement throughout their continued investigation into the matter.” Asked Wednesday morning to identify the agency investigating the breach, Med Center Health Vice President Doris Thomas said: “Because the incident is subject to a continuing federal investigation you have to submit your questions in writing.” The Daily News did so but had not received a response by press time Wednesday. David Habich, chief counsel for FBI in Louisville, confirmed it was his agency investigating the matter, which was ongoing. What is known is that Med Center Health determined a former employee obtained certain billing information by creating the appearance that he or she needed the information to carry out their job duties. The patient information was on an encrypted CD and encrypted USB drive and included names, addresses, Social Security numbers, health insurance information, codes for diagnoses and procedures and charges for medical services. Patient medical records were not included in the inappropriately obtained information, so medical histories and treatments have not “and will not be affected by this incident,” according to the release. “Med Center Health is committed to protecting the security and confidentiality of our patients’ information. We apologize to our patients who have been impacted by this misuse of information,” Med Center Health CEO Connie D. Smith said in a news release. “It is important for our patients to know that we are not aware of any evidence indicating that the billing records were being used to cause harm. We have been working alongside law enforcement on their continued investigation and greatly appreciate their involvement in this matter.” Information was taken for certain patients who were treated at The Medical Center at Bowling Green, The Medical Center at Scottsville, The Medical Center at Franklin, Commonwealth Regional Specialty Hospital, Cal Turner Rehab and Specialty Care and Medical Center EMS between 2011 and 2014. Affected patients will be notified in writing within two weeks with an offer of free credit monitoring and identity protection services for one year. In addition, notification letters will be sent to the insurance subscribers and patients’ guarantors whose information might also have been contained in the records. Med Center Health has established a call center to help answer patient questions. The call center is toll free at 844-420-6490 and is open from 8 a.m. to 8 p.m. Monday through Friday.
_______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Confidential info taken from Med Center patients Inga Goddijn (Mar 23)