Meritus Health alerts patients over data breach

July 8, 2015 Arctic Wolf Networks

Meritus Health Medical Center, a 231-bed hospital in Hagerstown, Maryland, announced recently that its patients' private information – including some Social Security numbers – might be compromised. A routine audit by the center in May found improper access was made over the hospital's system that could affect more than 1,000 patients, according to the Herald-Mail.

A third party could have accessed private files on patients including their medical records, insurance data, treatment and diagnosis information and their age and gender, the hospital said. The third party was reported as a worker for one of the medical center's vendors. 

"An employee of a vendor that we work with to provide some services may have inappropriately accessed some private patient information," Mary Rizk, a spokeswoman for Meritus Health told WHAG-TV, Hagerstown's NBC affiliate. Hagerstown is approximately 75 miles northwest of Baltimore near the Pennsylvania border. 

Out of the 1,029 patients affected by the breach, fewer than 100 Social Security numbers were compromised, Rizk told WHAG-TV.

"We have no proof that any of this information has been used or misused in a manner to cause any harm," she said. 

The data would have been accessed between July 2014 and April 2015. Meanwhile, the hospital has already begun sending out letters to all patients who might be affected by the breach. 

Upon opening its investigation, Meritus found and disciplined an employee involved in the compromise by cutting off their access to the hospital's system. The unnamed vendor assured Meritus that they would also discipline their employee. According to the Herald-Mail, the medical center is still doing business with the vendor.

"We continue to work toward further strengthening controls related to vendor access to patient information and enhancing our monitoring capabilities with regard to vendor access," Rizk told the Herald-Mail.

Cybersecurity news and analysis brought to you by ArcticWolf, inventors of FireBreak detection and response security services. FireBreak, when your firewall fails.

Previous Article
Connecticut passes new data breach law

Connecticut enacted a new cybersecurity reporting law recently that will place stricter requirements on bus...

Next Article
Harvard discovers data breach to its system

Officials at Harvard University said they found an intrusion on the Cambridge, Massachusetts, college's sys...


Want cybersecurity updates delivered to your inbox?

First Name
Last Name
Thanks for subscribing!
Error - something went wrong!