Employee snooping causes breach at Chicago Children’s Hospital
Patient records at Ann and Robert Lurie Children’s Hospital of Chicago were apparently compromised when an employee accessed records without a valid business reason.
“On November 15, 2019, we discovered that between September 10, 2018, and September 22, 2019, an employee accessed records without a business reason,” the organization is telling affected patients in a breach notification letter.
“We immediately terminated the employee’s access to all patient information and began a thorough investigation. We addressed this issue in accordance with disciplinary policies and the employee no longer works for the hospital,” the letter noted.
Compromised data included patients’ names, addresses, dates of birth, diagnoses, medications, appointments and procedures. The employee did not have access to full Social Security numbers, insurance information and financial account information, patients were told.
The organization did not release an estimate for how many patient records may have been compromised over that period of time.
The patient notification letter does not include an offer of protective services, such as credit monitoring or identity theft protection, as Social Security numbers and financial information were not at risk.
“We want our patients to know that we take this matter very seriously,” affected persons were told. “It is always a good idea to review any statements you receive from your healthcare provider. If you see any services not received, please contact the provider immediately.”