Dive Brief:
- According to a Worcester Business Journal report, Worcester, Massachusetts-based UMass Memorial Medical Center has notified patients that their personal and health information may have been compromised.
- According to the report, a now-former employee acting outside of normal duties accessed about 2,400 patients' information between 2002 and 2014. The breach was discovered by the medical center on March 6.
- The former employee, who accessed affected patients' names, addresses, dates of birth and Social Security numbers, may have used the information to open credit card and cell phone accounts.
Dive Insight:
It's particularly unfortunate when data theft not only violates patients' privacy, but also results in potential credit damage and financial loss. Over the 12 years the errant employee stole data, what was going on at the medical center? What allowed staff to miss this crime in progress for so long?
Discovery of the breach occurs during an industry-wide focus on the laxity of data security in the health care industry. The FBI recently issued an industry notification that security was inadequate; also recently, Wired reported that the head of information security at Essentia tested the company's medical equipment and found it vulnerable to attack.
In response to the growing awareness of the problem, Beth Israel Deconess' CIO has published his "wish-list" for data security.