Montefiore Medical Center has found out that another employee accessed patient records without having any valid work reason.
The report of New York hospital in February 2020 stated that an employee was identified to have accessed patient health records without any authorization for a period of 5 months in 2020, and another employee was identified to have obtained the protected health information (PHI) of around 4,000 patients between January 2018 and July 2020.
The most current discoveries involved an employee looking at patient files without authorization for over 12 months. Montefiore’s FairWarning software program discovered the data breach. The software program monitors records of inappropriate access.
Upon finding unauthorized health record access, the provider suspended the staff while awaiting the end of the investigation. An assessment of the access log revealed that the staff had accessed the records with no valid work reason between January 2020 and February 2021.
The types of patient information viewed varied and included first and last names, birth dates, emails, addresses, medical record numbers, and the 4-ending digits of the Social Security number. Montefiore could not locate any evidence that financial information or clinical information was accessed.
The unauthorized record access breached Montefiore’s regulations and HIPAA. The center laid off the employee and forwarded the matter to the police authorities for potential criminal prosecution.
Belden Faces Class Action Lawsuit Because of a November 2020 Data Breach
Belden, a U.S. networking equipment vendor, is up against a class action lawsuit connected with a November 12, 2020 data breach that led to the breach of the personal information of current and former employees. Hackers acquired access to some file servers and stole employee and a few business partners’ data.
The breach report sent to the HHS’ Office for Civil Rights indicated that the breach affected the PHI of 6,348 persons. The stolen data included names, Social Security numbers, financial account numbers, residence addresses, email addresses, birth dates, tax identification numbers, and other work-associated information. Belden submitted the breach report on November 24, 2020 and started notifying impacted individuals on December 14, 2020.
The lawsuit versus Edke v. Belden Inc. states that the plaintiff and class members endured harm because of the breach and had to wait a couple of weeks before getting information regarding their personal data theft. They claim the data breach caused a considerable risk on their identity and various sorts of financial, personal, and social hurt. Belden is alleged to have been careless and negligent. Patient data was stolen due to security breakdowns at the company.