The former employee accessed patients’ birth dates, addresses, medication listings and insurance information between July 2017 and July 2018, according to an internal investigation. Hospital officials couldn’t confirm whether all the records accessed were viewed for “appropriate job-related purposes.”
“We deeply regret this event and apologize to you for this individual’s actions. Inappropriate access to [EHRs] is contrary to Mercy Medical Center-North Iowa’s policies and inconsistent with the high expectations we place on our colleagues,” Mercy Compliance and Privacy Officer Kurt Harle said in the letter to patients.
Mercy is offering affected individuals one year of free identity-theft services, and its compliance team is reviewing privacy practices and re-educating all staff members.
More articles on cybersecurity:
Hackers offer ‘Black Friday’ discounts for stolen credit card information
ABC news affiliate finds leaked PHI from U of Kentucky HealthCare
Ohio, West Virginia hospitals say patient information safe after attempted ransomware attack
