Our Lady of the Angels Hospital in Louisiana has suffered a data breach affecting more than 1,100 patients after a former employee accessed patients' records without authorization. Affected data included names, addresses, contact details, insurance details, Social Security numbers, and medical history, including test results.
Upon discovery of the breach, the employee was sacked and their access to the system terminated with immediate effect. An investigation has revealed that the affected data was accessed between March 17, 2014 and July 25, 2017. It also determined which patients were affected. All affected patients have been informed and have been given 12 months of credit monitoring services.
It appears this is “another case of a healthcare employee accessing medical records out of curiosity.” Accessing confidential patient medical records without a legitimate business reason for doing so is an offence and can incur serious consequences. Employees with access to confidential information cannot just access records because they’re “curious” or because they feel like it.
Rene Ragas, president and CEO at Our Lady of the Angels Hospital, said:
Patient privacy is a top priority and we have a zero-tolerance policy for employees who improperly access patient data. We deeply regret that this happened and we are committed to doing the right thing. We have no evidence indicating that any individual’s personal information has been utilized or misused, but, out of an abundance of caution and transparency, we are proactively informing those who may have been impacted by this incident.
The hospital has responded efficiently to the breach and is taking the matter very seriously. It will be “providing additional education to all employees regarding the privacy and security of confidential patient information.”
Although this breach is an example of deliberate misuse and not human error, it shows the importance of training staff effectively to ensure that they know how to treat confidential information. The healthcare industry is no stranger to data breaches: 41% of healthcare data breaches reported so far this year have been caused by insiders.
Educate your staff
Information security is critical within the business environment. Enroll your staff on our Information Security Staff Awareness E-Learning Course so that they gain a better understanding of what is expected of them. The course advises staff on how to avoid becoming a security liability, introducing them to your internal policies on incident reporting and responses, and providing basic knowledge of information security best practice to reduce preventable mistakes.