Insider Breach Spanned Nearly 7 Years
Health System Employee Inappropriately Accessed Records
Memorial Hermann Health System is notifying approximately 10,600 patients of an insider breach that spanned nearly seven years and involved improper access to electronic medical records.
Memorial Hermann is a not-for-profit health system in Southeast Texas with 12 hospitals and numerous specialty programs and services.
On July 7, the organization learned that a now former clinical employee accessed the electronic medical records outside of their normal job duties from December 2007 to July 2014. An investigation was subsequently launched, which included the help of outside forensics experts.
Information inappropriately accessed includes patient names, addresses, medical record numbers, dates of birth, health insurance information, and, in some instances, Social Security numbers.
"There is no evidence to suggest the [former] employee used the information for fraudulent purposes," a spokesperson for Memorial Hermann says.
Certain affected patients are being offered free credit monitoring services for one year, the spokesperson says.
As a result of the incident, Memorial Hermann continues to update and review its privacy policies and practices. Privacy training is mandatory for all employees, the organization says.