[BreachExchange] Confidential info taken from Med Center patients

[Inga Goddijn]

http://www.bgdailynews.com/news/confidential-info-taken-from-med-center-patients/article_bbc3aa82-f779-591a-9660-0a12813def15.html

A federal agency is investigating a breach of confidential information from
patients at certain Med Center Health facilities.

Irregularities were discovered during a January internal investigation, and
the information was then given to law enforcement officials, who discovered
the apparent breaches happened August 2014 and February 2015, according to
a news release from Med Center Health.

“When Med Center Health reported this incident to law enforcement, they
asked that Med Center Health delay notification to patients or public
announcement of the incident until now so as not to interfere with their
investigation,” the release said. “Now that law enforcement’s request for
delay has ended, Med Center Health is notifying patients as quickly as
possible. We are actively working alongside law enforcement throughout
their continued investigation into the matter.”

Asked Wednesday morning to identify the agency investigating the breach,
Med Center Health Vice President Doris Thomas said: “Because the incident
is subject to a continuing federal investigation you have to submit your
questions in writing.” The Daily News did so but had not received a
response by press time Wednesday.

David Habich, chief counsel for FBI in Louisville, confirmed it was his
agency investigating the matter, which was ongoing.

What is known is that Med Center Health determined a former employee
obtained certain billing information by creating the appearance that he or
she needed the information to carry out their job duties. The patient
information was on an encrypted CD and encrypted USB drive and included
names, addresses, Social Security numbers, health insurance information,
codes for diagnoses and procedures and charges for medical services.

Patient medical records were not included in the inappropriately obtained
information, so medical histories and treatments have not “and will not be
affected by this incident,” according to the release.

“Med Center Health is committed to protecting the security and
confidentiality of our patients’ information. We apologize to our patients
who have been impacted by this misuse of information,” Med Center Health
CEO Connie D. Smith said in a news release. “It is important for our
patients to know that we are not aware of any evidence indicating that the
billing records were being used to cause harm. We have been working
alongside law enforcement on their continued investigation and greatly
appreciate their involvement in this matter.”

Information was taken for certain patients who were treated at The Medical
Center at Bowling Green, The Medical Center at Scottsville, The Medical
Center at Franklin, Commonwealth Regional Specialty Hospital, Cal Turner
Rehab and Specialty Care and Medical Center EMS between 2011 and 2014.

Affected patients will be notified in writing within two weeks with an
offer of free credit monitoring and identity protection services for one
year. In addition, notification letters will be sent to the insurance
subscribers and patients’ guarantors whose information might also have been
contained in the records.

Med Center Health has established a call center to help answer patient
questions. The call center is toll free at 844-420-6490 and is open from 8
a.m. to 8 p.m. Monday through Friday.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170322/77c17f16/attachment.html>