Montefiore Medical Center has learned that one more employee got access to patient data without any legit work reason.
The New York hospital reported in February 2020 that one employee was found to have viewed health records with no permission for 5 months in 2020, and a different employee was discovered to have gotten the protected health information (PHI) of roughly 4,000 patients from January 2018 to July 2020.
The most recent findings concerned an employee viewing patient records with no permission for over one year. Montefiore’s FairWarning software detected the breach. The software tracks logs of improper access.
Upon discovery of unauthorized medical record access, the center suspended the employee pending an investigation. An evaluation of record access showed that the employee had viewed records without having legit work reasons from January 2020 to February 2021.
The types of data accessed differed from one patient to another and involved first and last names, addresses, emails, birth dates, medical record numbers, and the last 4-numbers of Social Security numbers. Montefiore did not find any proof of access to financial data or clinical details.
The unauthorized record access is a violation of Montefiore’s guidelines and HIPAA. The center dismissed the employee from work and referred the issue to law enforcement for probable criminal prosecution.
Class Action Lawsuit Against Belden Over November 2020 Data Breach
Belden, a networking equipment vendor in the U.S., is confronted with a class-action lawsuit in connection with a November 12, 2020 data breach that resulted in the compromise of the personal data of present and past employees. Hackers obtained access to only a few file servers and copied employees and some business partners’ information.
The breach report was lately submitted to the HHS’ Office for Civil Rights as affecting the PHI of 6,348 people. The following information was stolen: names, Social Security numbers, financial account numbers, tax identification numbers, residence addresses, email addresses, birth dates and other employment-associated data. Belden reported the breach on November 24, 2020 and began informing affected persons on December 14, 2020.
The lawsuit against Edke v. Belden Inc. claims the plaintiff and class members suffered harm due to the breach and needed to wait a few weeks prior to being informed about the theft of their personal data. They assert the information breach has put them at “considerable risk of identity theft and different types of personal, financial and social hurt. The lawsuit states Belden was careless and negligent, and because of security breakdowns at the company, patient data was stolen.