Former Lurie Children's employee wrongfully viewed 4,824 patient records

Ann and Robert Lurie Children's Hospital of Chicago reported that an employee viewed more than 4,800 patient medical records without a work-related reason, according to a notice posted May 4 on its website.

The hospital discovered the employee inappropriately accessed medical records between Nov. 1, 2018, and Feb. 29, 2020. The privacy breach may have affected 4,824 patients, according to HHS' Office for Civil Rights data breach portal.

Lurie Children's terminated the employee's access to its information systems on March 5 after discovering the security incident and launched an investigation.

The statement says the hospital "addressed the issue in accordance with our disciplinary policies, and the employee no longer works for the Hospital."

The hospital found that patient information exposed included names, addresses, dates of birth and medical information such as diagnoses and medications. The employee did not have access to full Social Security numbers, insurance information or financial account information.

The hospital said it does not suspect that any exposed patient information was misused or publicly released.

Since the incident, Lurie Children's has retrained staff on appropriate access to patient records and enhanced monitoring capabilities.

More articles on cybersecurity:
45% of hospitals support password sharing for caregivers to access patient health information
28 health system cyberattacks, data breaches so far in 2020
LabCorp faces shareholder lawsuit after 2 cyberattacks in 12 months: 5 details

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers