EHR breach at two ProMedica hospitals
Workers may have accessed information on 3,500 patients over two years.
ProMedica Bixby and Herrick Hospitals, both part of 13-hospital ProMedica based in Toledo, are notifying about 3,500 patients after discovering that employees were looking at electronic medical records without authorization.
The incident is a reminder that while cyber attacks from the outside receive significant media attention, other security threats that have been around for many years require continued monitoring.
In its public filing on the breach, ProMedica reported that while the breach was discovered in April, the violations had occurred since May 2014. During that time, seven employees accessed electronic records for patients they were not directly treating and without valid business and clinical reasons, a ProMedica statement indicated.
Potentially compromised information included patient names, addresses, phone numbers, birth dates, and insurance, diagnoses, medications and other clinical information. ProMedica has disciplined some of the employees and fired others; in addition, it has launched a new auditing program that includes software that monitors employee activity in the EHR.
The organization is offering affected individuals one year of credit monitoring services.
The incident is a reminder that while cyber attacks from the outside receive significant media attention, other security threats that have been around for many years require continued monitoring. In its public filing on the breach, ProMedica reported that while the breach was discovered in April, the violations had occurred since May 2014. During that time, seven employees accessed electronic records for patients they were not directly treating and without valid business and clinical reasons, a ProMedica statement indicated.
Potentially compromised information included patient names, addresses, phone numbers, birth dates, and insurance, diagnoses, medications and other clinical information. ProMedica has disciplined some of the employees and fired others; in addition, it has launched a new auditing program that includes software that monitors employee activity in the EHR.
The organization is offering affected individuals one year of credit monitoring services.
More for you
Loading data for hdm_tax_topic #care-team-experience...