A former employee at University Hospital Geauga Medical Center in Ohio inappropriately accessed the medical and personal information of 677 patients, including names, dates of birth, medical record numbers and information on medications. While most think of outside cyber-threats as the main cause of medical data-breaches, compromised medical, personal and financial information also often comes from within.
The University Hospital discovered this after an internal review found a pattern of strange access to patient personal data in its electronic records system. Following the investigation, the hospital determined that the employee was improperly accessing patient information between Aug. 15, 2015, and Jan. 3, 2016. The University Hospital is not aware of any instances of identity theft or misuse of patient information, but patients affected are being notified of the breach and law enforcement has been contacted. As of now, the employee who accessed the information has been terminated, appropriate regulatory bodies have been contacted and individuals whose information was compromised have been notified. The hospital is also focusing on preventing incidents in the future by providing education on patient privacy, and the Health Insurance Portability and Accountability is adopting stricter monitoring of access to medical records.