Mercy Health warns patients of data breach at RCM vendor

Mercy Health Lorain (Ohio) Hospital is alerting patients that their protected health information may have been exposed in a data breach at a revenue cycle management vendor.

In November, RCM Enterprise Services discovered that medical invoices were mailed to patients with incorrect information. Instead of including names, street addresses, cities, states and ZIP codes, the invoices listed names, street addresses and Social Security numbers.

The invoices with Social Security numbers were mailed between Aug. 14 and Oct. 16. RCM Enterprise Services has begun alerting hospitals and health systems whose patients may have been affected.

There is no evidence that patients' Social Security numbers have been misused. RCM Enterprise Services is offering patients credit and identity monitoring. The company also recommends patients review any financial statements.

"We take this incident, as well as information privacy and security, very seriously, and have enhanced our procedures in order to prevent the occurrence of a similar incident," said Barbara Shaub, director of revenue cycle management at RCM Enterprise Services.

