Although that physician was a member of the medical group Pedes shares its building with and had access to the shared scheduling tool, the individual was not authorized to access Pedes’ EMR.
The database stored patients’ personal health information, including names, medical diagnosis, medical treatments, dates of medical service and other treatment-related information. Financial account information and Social Security numbers were not stored in the database.
The clinic is telling patients it has no reason to believe the information was misused by this individual, though Pedes is recommending patients review documents from their health insurer as a precaution.
Pedes established a dedicated call center to field patients’ concerns and is conducting a comprehensive review of its security practices, procedures and safeguards.
Becker’s Hospital Review reached out to Pedes Orange County for comment. This story will be updated as more information becomes available.
More articles on cybersecurity:
Facebook hires IBM scientist who helped build Watson for its AI efforts: 5 things to know
UPenn researchers want to launch the US’s 1st CRISPR trial in humans: 6 things to know
