Buffalo, N.Y.-based Catholic Health notified long-term care patients that some of their protected health information may have been compromised due to a data breach at its consulting services vendor, Minimum Data Set Consultants.
In March, Minimum Data Set Consultants discovered suspicious activity on its EHR systems and launched an investigation into the incident.
The investigation determined that a former employee of Minimum Data Set Consultants accessed files within its system on Aug. 27.
The files contained Catholic Health patients' names, birthdates, demographic information, Social Security numbers, Medicare numbers and diagnosis information, according to a May 5 press release from Catholic Health.
There has been no indication that any of the information has been misused; however, Catholic Health has provided notice to all long-term care residents who have protected health information in its medical records system.
The health system did not state how many patients were affected by the breach.