The nursing center reported the data breach Nov. 24 to HHS as affecting 1,030 individuals. In a notice posted to its website, Hillcrest said that the physician was fired Aug. 4; on Aug. 23, some of the center residents’ family members notified Hillcrest that they had received phone calls from the terminated physician discussing the resident’s care and treatment.
Hillcrest discovered Aug. 24 that the terminated physician still had access to its EHR system. The center then immediately revoked the physician’s access. As a result of the incident, the terminated physician may have been able to access residents’ personal information including names, Social Security numbers, insurance information and medical history.
The center implemented a new facility policy to immediately remove users from its EHR system at the time of termination and is also offering free identity theft restoration and credit monitoring services to residents affected by the incident.
More articles on cybersecurity:
State officials express privacy concerns over CDC’s call for COVID-19 vaccine data registry
Kalispell Regional establishes $4.2M data breach settlement fund: 4 details
Maryland hospital reports IT outage after ransomware attack
