Mercy Health warns patients of data breach at RCM vendor

Mercy Health Lorain (Ohio) Hospital is alerting patients that their protected health information may have been exposed in a data breach at a revenue cycle management vendor.

In November, RCM Enterprise Services discovered that medical invoices were mailed to patients with incorrect information. Instead of including names, street addresses, cities, states and zip codes, the invoices listed names, street addresses and Social Security numbers.

The invoices with Social Security numbers were mailed between Aug. 14 and Oct. 16. RCM Enterprise Services has begun alerting hospitals and health systems whose patients may have been affected.

There is no evidence that patients' Social Security numbers have been misused. RCM Enterprise Services is offering patients credit and identity monitoring. The company also recommends patients review any financial statements.

"We take this incident, as well as information privacy and security, very seriously, and have enhanced our procedures in order to prevent the occurrence of a similar incident," said Barbara Shaub, director of revenue cycle management at RCM Enterprise Services.

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.