DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Some UPMC St. Margaret patients’ info shared with unauthorized organization by now-former employee

Posted on March 6, 2021 by Dissent

Paul J. Gough reports that an employee of UPMC St. Margaret was fired after they sent a record to an unidentified outside organization that contained patient information.

A March 5th statement on UPMC’s web site reveals that on August 8, 2020, UPMC first became aware of the inappropriate disclosure of a medication administration report to an outside organization without a business need for the protected health information.

Through the investigation, UPMC determined that names, internal UPMC identification numbers and medication administration data may have been inappropriately disclosed. “Medication administration data” may include the drug name, dosage, time/date of administration, and reason for administration. Please be assured that neither Social Security Numbers nor medical records were inappropriately accessed/disclosed.

UPMC terminated the employee’s access to UPMC systems and terminated the employee’s employment with UPMC. Federal authorities were also notified.

On March 5, 2021 UPMC began mailing letters to affected patients. Their statement does not explain why the delay in notification from discovery. Did law enforcement request the delay?  Is there any criminal investigation ongoing?

DataBreaches.net sent an inquiry to UPMC this morning, but has received no reply by publication time. This post will be updated if and when an explanation for the delay is received. The incident does not appear on HHS’s public breach tool, and UPMC’s statement does not indicate whether there were more than 500 patients or fewer than 500 patients involved.

 

Related Posts:

  • More University of Pittsburgh Medical Center…
  • Ultimate Software dropped from federal lawsuit against UPMC
  • Patient data breaches disclosed by Nevada,…
  • Update: All 62,000 workers at UPMC may now be…
  • UPMC Susquehanna notifies 1,200 patients of data breach

Post navigation

← Terminated: Texas Medicaid subcontractor dumped after data breach in ransomware attack from Russia
American Armed Forces Mutual Aid Association hack impacted more than 161,000 →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • AlphV claims they have started contacting some of Tipalti’s clients (1)
  • Research: Privacy as Pretense: Empirically Mapping the Gap Between Legislative & Judicial Protections of Privacy
  • What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.
  • On September 2nd, the U.S. branch of Great Star Industrial Co. disbursed a ransom of 1 million dollars to a ransomware group
  • Former Public School Information Technology Manager Charged with Damaging School’s Computer Network
  • Sellafield nuclear site hacked by groups linked to Russia and China
  • Hackers steal IDF patient records from cyberattack on Israeli hospital (corrected)
  • AlphV claims an attack before even alerting the victim. How will that work out for them? (1)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net