FL: Memorial Healthcare System notifies 9,500 that two employees may have accessed their info for tax refund fraud scheme
I’m having one of those deja vu experiences, but I don’t see where this breach was ever mentioned before on this blog or DataBreaches.net. Bill Lewis reports:
Two employees of the Memorial Healthcare System have been fired and may face criminal charges in relation to an identity theft scheme involving the intended filing of fraudulent IRS tax returns.
The system – which controls the public hospitals of South Broward – began notifying Thursday approximately 9,500 patients that their personal information may have been stolen by the former employees.
Read more on The Credit Report with Bill Lewis.
For its part, the Memorial Healthcare System posted this notice on its web site today, linked from its home page:
Memorial Healthcare System (MHS) is committed to maintaining the privacy and confidentiality of our patients’ information. Regrettably, this notice concerns an issue related to that information.
On January 27, 2012, MHS first learned that an employee may have improperly accessed patient information. MHS was subsequently notified by law enforcement of a second employee who also may have improperly accessed patient information with the intent to process fraudulent tax returns. Both employees have been terminated. Specifically, these former employees may have accessed patients’ names, dates of birth, and social security numbers during 2011 to early 2012. No medical records were taken.
We have been actively cooperating with law enforcement and in furtherance of their investigation have followed their instructions to delay any notification or public announcement of this incident so as to not impede their investigation. Once law enforcement confirmed that we could notify our patients, we wanted to notify them as quickly as possible.
As a precaution, Memorial Healthcare System started mailing notification letters on April 12, 2012 to patients who were potentially affected. We have also established a dedicated call center to assist the affected patients. If you believe you have been affected but do not receive a letter by April 25, 2012, please call this toll-free number 877-643-2062 from 9:00 AM to 7:00 PM (Eastern Time).
We deeply regret that this incident has occurred and have taken steps to try to prevent such an incident from occurring in the future. We have continued to refine our privacy policies, to reinforce with all staff the importance of handling patient information, and to enhance many of our auditing controls by taking advantage of recent advances in best practice technology.