Identity theft scam hits Berkeley Medical Center

Register now

WVU Medicine University Healthcare in West Virginia has confirmed 113 patients to date as victims of identity theft and is offering one year of identity monitoring services to a total of 7,445 patients after an employee at Berkeley Medical Center was found to be removing patient information from the premises.

While investigating other instances of identity theft, the FBI and local law enforcement linked the hospital to the scam and notified officials of a potential breach on January 17, according to a WVU spokesperson.

An internal investigation then confirmed a link between the employee and individuals who had their identity stolen. The employee had access to patient data and was writing down information via pad and pencil and taking the information home.

The employee was suspended on January 19, terminated on January 27 and now is being prosecuted. Along with written patient data, other protected health information found in the employee’s possession included drivers’ licenses, ID cards, insurance cards and Social Security cards. Additional tracking later found the employee also viewed physician orders that contained diagnoses and other information.

Also See: 12 big data and security trends to watch in 2017

The hospital continues to work with law enforcement to notify affected individuals and has contracted with Kroll for the identity theft monitoring services.

"University Healthcare understands the importance of safeguarding our patients' personal information and takes that responsibility very seriously," Anthony Zelenka, president and CEO said in a statement. "We regret this incident has occurred. We are committed to work with our patients whose personal information has or may have been compromised, and help them work through the process."

For reprint and licensing requests for this article, click here.