OH: University Hospitals: Employee gained unauthorized access to 692 patient files in breach
John Cangiglia reports:
An employee of University Hospitals improperly accessed medical and personal information of 692 patients over a three-year period, the hospital system said Friday.
The employee, who has been dismissed, breached the hospital system’s electronic medical records, allowing the person to gain names, home addresses, phone numbers, email addresses, medical and health-insurance account numbers and other patient information, UH said. The electronic medical records also provide information on patients’ office visits.
The employee also viewed information on some patients’ Social Security numbers and personal financial account information, including credit card and debit card numbers.
Read more on Cleveland.com.
Earlier this week, University Hospitals reported that two computers were stolen from Chagrin Highlands Medical Center. When asked directly on Twitter whether there was any patient information on the stolen computers, UH would only reply that they were cooperating with the Orange Village Police Department:
@PogoWasRight We are currently cooperating with the Orange Village Police Department on their investigation into this matter.
— UHNewsroom (@UHNewsroom) November 28, 2014
They did not respond to a follow-up tweet pointing out that they hadn’t answered the question.
In November 2013, University Hospitals had to notify 7,100 patients after a hard drive with patient information was stolen from a contractor’s vehicle. That breach does not appear on HHS’s public breach tool as far as PHIprivacy.net can determine.