UMass Medical Center alerts patients to insider data theft that may date back to 2002
Posted on the website of University of Massachusetts Medical Center:
Important Privacy Incident Notice for UMass Memorial Medical Center Patients
UMass Memorial Medical Center (UMMMC) is committed to protecting the privacy and confidentiality of patient information. Regrettably, this notice concerns an incident involving some of that information.
On March 6, 2014, we learned that an employee may have accessed information of certain patients outside of the employee’s normal job duties. The information may have been used to open commercial accounts, such as credit card and cell phone accounts. Upon receiving this information, UMMMC immediately began an internal investigation. We continue to investigate and cooperate with law enforcement. Our investigation has determined that the employee had access to patient information such as name, date of birth, Social Security number, and address at some point between May 6, 2002 and March 4, 2014. We are not aware of the misuse of any medical information. The employee no longer works at UMMMC.
UMMMC is now contacting additional patients whose information was accessed by the employee, although UMMMC has no indication of any misuse of this information. Out of an abundance of caution, UMMMC began sending letters to these potentially affected patients on May 5, 2014. If you believe you are affected but do not receive a letter by May 27, 2014, please call our Incident Response Line at 877- 218-3036, Monday through Friday from 9:00 a.m. to 7:00 p.m. Eastern Time (closed on U.S. observed holidays), and provide this ten digit reference number – 4476042814 – when prompted. UMMMC will further investigate any concerns raised by our patients of misuse of information to determine whether they are related to this incident.
UMMMC deeply regrets this incident and any inconvenience it may cause our patients. UMMMC has had a privacy and information security program in place for several years, and we want to assure our patients that we are committed to the security of patient information and taking this matter very seriously.
To help prevent this type of situation from happening again, UMMMC is further strengthening its program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMC is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.
h/t, NECN, who reports that there are four cases of what appears to be misuse of patient information; 2,400 patients are being notified as part of the broader notification.