Inside theft breaches data at Med Center Health

Six-hospital Med Center Health, serving the Bowling Green region of Kentucky, began notifying 160,000 patients on March 24 after an employee stole huge amounts of billing information to assist in an unapproved project to develop a new tool for an outside business interest.

Medical Center-BG-CROP.jpg

The employee, who is no longer with the organization, on two occasions obtained information on the pretense it was needed to carry out duties at Med Center Health, according to a notification letter sent to affected individuals and the community.

Also See: Why insider threats remain the biggest risk to data

“To date, our investigation indicates that in August 2014 and February 2015 the individual in question obtained patient information on an encrypted CD and encrypted USB drive, without any work-related reason to do so,” the letter states.

Compromised information included names, addresses, Social Security numbers, health insurance information, diagnoses and procedure codes and charges for medical services provided. Clinical records, medical history and treatment data were not accessed.

The breach affects patients treated at six specific facilities between 2011 and 2014. Med Center Health is offering affected individuals one year of credit monitoring and identity protection services. An organization spokesperson was not immediately available for comment.

For reprint and licensing requests for this article, click here.