Over 150 Total Lots Up For Auction at One Location - NY 04/18

Spanish Spanish

Ohio healthcare worker spent 11+ years prying on data from over 7,000 patients

by John R. Fischer, Senior Reporter | July 01, 2021
Cyber Security Health IT
Share
A former employee of the Aultman Health Foundation accessed data of more than 7,000 patients for over 11 years without authorization
An employee of the Aultman Health Foundation in Ohio was fired after they were found to have spent over 11 years accessing data for more than 7,000 patients without permission.

The organization announced the privacy breach Friday, with information possibly accessed including patient names, addresses, birthdays, social security numbers, insurance information, and diagnosis and treatment information, reports The Daily Record.

"Upon discovering this, the employee’s access to Aultman’s electronic health record system was suspended, and an investigation was conducted to determine the nature and scope of the incident," said Aultman.

The culprit’s job involved coordinating patient care, which gave them access to patient data. They are said to have accessed information outside the scope of their job duties between September 2009 and April 2021. The former employee, who has not been identified, no longer has access to patient data and will not face criminal charges.

While there is no indication of data misuse, disclosure, or signs that it will be compromised, about 7,300 patients across the Aultman service area were involved in the breach. Aultman began mailing those whose information may have been accessed this week and is recommending that they review statements from healthcare providers and insurance plans to ensure only services received are listed. Those that find something wrong are encouraged to contact their provider or insurance company immediately.

It also has set up a dedicated toll-free call center to answer questions about the incident at 855-731-3203.

"To help prevent something like this from happening again, Aultman has provided additional training to its system users and is implementing additional measures to protect the information of its patients," said the organization.

The incident is a reminder that not all data privacy breaches are committed at the hands of remote hackers. A similar event took place in 2018 in which a former chief operations officer for a cybersecurity company launched a cyberattack on Gwinnett Medical Center (GMC), which had hired his company to provide cybersecurity protection. The man, Vikas Singla, was arraigned earlier this month on charges related to the attack.

The Aultman Health Foundation consists of Aultman Hospital, Aultman Orrville Hospital, Aultman Alliance Community Hospital, health insurance provider AultCare, the Aultman Foundation and Aultman College.

The Aultman Health Foundation did not respond to HCB News for comment.
Sign up for Health IT stories Sign up for Weekly Top stories

You Must Be Logged In To Post A Comment

Sign up for Weekly Top stories

Sign up for Health IT stories

 

advertisement

Health IT Homepage

Bayer and Google Cloud to accelerate development of AI-powered radiology applications
GE HealthCare closes MIM Software deal
Teleradiology company and CEO admit to unlawful billing, will pay $3.1 million
How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
IONIC Health, GE HealthCare announce 510(k)-clearance of nCommand Lite System for multi-vendor, remote imaging
Field service technicians: Unsung heroes in maintaining efficiency and reducing headaches in hospital networks
HHS opens probe into role Change Healthcare may have played in cyberattack
Philips and AWS unveil pathology cloud data storing initiative at HIMSS
PE firm Frazier HealthCare Partners acquires RevSpring from GTCR
Ransomware attackers claim they sold Lurie Children's Hospital data for $3.4 million on dark web