Virginia Mason Memorial Hospital employees accessed data which was not included in their job responsibility. Facility found out that 21 hospital employees were involved. The incident has affected 419 emergency room patients.
Facility has immediately sent the notification letters to affected patients. Also, patient record access to the employees is revoked. Hospital conducted an investigation and third party forensic firm is hired to determine whether the data is available in the black market.
Till now there is no indication of information misuse. The hospital’s chief compliance and privacy officer Trent Belliston mentioned that investigators did not find any evidence to believe that employees had any malicious intent.
“No evidence that the information’s being used in an improper way,” said Belliston. “We believe this to be a case of snooping, or individuals who were bored.”
Belliston also mentioned that there is no evidence suggesting this was a targeted attack.
“It was a wide array of patients and information,” Belliston said.
Twenty-one employees are disciplined or terminated based on their extent of involvement. Hospital CEO Russ Myers mentioned that labor and confidentiality laws stop him from naming which employees were part in the security breach or how the employees were disciplined.
Patient medical and demographic information were viewed by the employees. Financial information was not seen.But Belliston mentioned that patient Social Security numbers may have been viewed as it was present on the patient records.
Facility is providing free credit monitoring for all potentially affected patients for two years. Also, a call centre is set up to answer queries.
“There’s the potential for this to happen in a hospital at any point in time,” said Belliston.
“Similarly to how important the safety of the patient is from a physical standpoint, likewise, the security of their information is also of great importance to us, making sure their information is safe,” he added.
____________________________________________________________________________________________
Alertsec is a one-stop provider that offers a cloud-based all-inclusive, pre-configured, ready-to-use computer security service, which also includes comprehensive 24/7 support for all users.