Heimdal Security Blog

Huntington Hospital Former Employee Accesses Private Info of 13,000 Patients

Roughly 13,000 patients at Huntington Hospital have recently been informed about an incident involving illegal access to confidential information.

What Happened?

The medical facility discovered that a night shift employee had accessed electronic medical patient information without permission, which was against the company’s policies.

Following a comprehensive investigation, Huntington Hospital concluded on February 25th, 2019, that between October 2018 and February 2019, the employee inappropriately accessed sensitive patient data without role-based permission.

According to officials, the employee was immediately suspended, and the hospital immediately informed law enforcement of the incident. The hospital cooperated with the law enforcement inquiry, which included deferring notification of any patients who may have been affected until November 2021.

As a result of the investigation, the intruder has been charged with a criminal HIPAA violation.

What Data Was Accessed?

There is no proof that the former employee had access to Social Security Numbers, insurance details, banking information, or other payment-related data.

According to hospital representatives, the data accessed included demographic-type information such as:

Huntington Hospital has a comprehensive compliance policy that includes regular employee instruction, the use of security tools to control access to medical information apps, and audits of medical record access.

In addition, the hospital has taken action in order to avoid similar incidents in the future, such as strengthening access controls and retraining personnel on the importance of keeping patient confidentiality.

As a precaution, Huntington Hospital provides free identity theft protection services through Experian IdentityWorks℠ for one year to all affected individuals, unless a longer period is required by applicable state law.
