Insider Breach Spanned Nearly 7 Years

Health System Employee Inappropriately Accessed Records
Insider Breach Spanned Nearly 7 Years

Memorial Hermann Health System is notifying approximately 10,600 patients of an insider breach that spanned nearly seven years and involved improper access to electronic medical records.

See Also: Why Active Directory (AD) Protection Matters

Memorial Hermann is a not-for-profit health system in Southeast Texas with 12 hospitals and numerous specialty programs and services.

On July 7, the organization learned that a now former clinical employee accessed the electronic medical records outside of their normal job duties from December 2007 to July 2014. An investigation was subsequently launched, which included the help of outside forensics experts.

Information inappropriately accessed includes patient names, addresses, medical record numbers, dates of birth, health insurance information, and, in some instances, Social Security numbers.

"There is no evidence to suggest the [former] employee used the information for fraudulent purposes," a spokesperson for Memorial Hermann says.

Certain affected patients are being offered free credit monitoring services for one year, the spokesperson says.

As a result of the incident, Memorial Hermann continues to update and review its privacy policies and practices. Privacy training is mandatory for all employees, the organization says.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.