Share this article on:
White Plains Hospital, N.Y. and Conemaugh Memorial Medical Center, Pa. have issued breach notices confirming they have been affected by the data breach caused by an employee of Business Associate (BA), Medical Management.
Earlier this week we reported Medical Management LLC suffered a data breach after an employee copied protected data from the company’s billing system and disclosed that information to a third party. Medical Management is a billing vendor providing a range of billing and coding services to a number of healthcare providers, many of which are in New York. The data exposed included names, dates of birth and Social Security numbers.
The University of Pittsburgh Medical Center (UPMC) was the first healthcare provider to announce that some of its patients had been affected by the data breach. Two more hospitals have now issued breach notices to the media and have sent notifications to affected patients..
White Plains Hospital Notifies 1,100 of Data Breach
White Plains Hospital in New York announced it was affected by the data breach caused by the BA and learned that approximately 1,100 of its patients had been affected.
White Plains responded and issued breach notification letters to its patients advising them that their data may have been compromised. Not every patient has been affected, only those who visited the emergency department for treatment between February 2013 and March 2015.
White Plains Vice President of Community Relations and Marketing, Dawn French, announced the breach and said patients affected would be provided with free credit monitoring and identity theft services with “a global leader in risk mitigation and response solutions,” Kroll Inc.
Patients were advised to take the matter seriously and sign up for the services being offered, in addition to contacting credit bureaus to obtain a free credit report, place a fraud alert, and even go as far as to put a freeze on credit. Patients were also told to check Explanation of Benefits statements and to question and report any suspicious activity.
Conemaugh Health System’s Memorial Medical Center Reports Breach
The west central Pennsylvania 4-hospital system announced yesterday that a number of its patients were affected by the Medical Management data breach. Conemaugh Health System’s Memorial Medical Center issued a press release confirming that some patients had been affected, and that they have been notified and offered identity theft protection for a period of one year without charge.
The hospital confirmed patients from the Conemaugh Memorial Medical Center, Meyersdale Medical Center and Miners Medical Center had been affected, although the number of victims was not disclosed in the initial press release.
The hospital was recently acquired by the Conemaugh Health System; however on March 15, under the name Duke LifePoint Conemaugh Memorial Medical Center, a breach report was submitted to OCR stating that 1,551 patients had been affected by a data breach categorized as “theft” involving a “desktop computer.” No further description was submitted along with the initial breach report – the OCR permits information to be added when it becomes available – but the report does say that no Business Associate was involved in the data breach, suggesting that this may be a separate data breach.
The Medical Management data theft is being investigated by law enforcement officers. The employee could face criminal charges for stealing the data, and if convicted of taking the information for personal gain, the offense can result in up to 10 years in prison and a substantial fine.