UMass Memorial Medical Group in Worcester, Mass., is notifying about 14,000 patients that their billing records “may have been accessed inappropriately and potentially for fraudulent purposes,” according to a notice that started being mailed out on January 28, 2015.

The medical group, part of UMass Memorial Health Care, learned on April 9, 2014 that the billing records may have been compromised between January 7 and May 7, 2014 by an employee no longer working at the organization. An investigation later revealed that in August 2014, law enforcement found “copies of some patient billing documents in possession of an unauthorized person.” It is not clear if the documents were in possession of the former employee or another person, according to an UMass spokesperson.

Notification to patients was delayed until January 28, 2015 at the request of law enforcement, but the investigation continues. UMass Memorial is offering credit monitoring services.

Compromised information may have included names, addresses, dates of birth, phone numbers, email addresses, medical record numbers, credit-debit card numbers and Social Security numbers.

The Worchester Telegram reports that the breach is the second major one for UMass in two years. A former employee has pleaded not guilty to multiple charges of identity theft and other charges in a case where about 2,400 patients were notified, according to the newspaper.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access