Cincinnati-based TriHealth has alerted 2,433 patients that their data may have been shared with a student mentee in June 2018.
TriHealth confirmed May 24 that a former physician who was using patient information for a research project, shared data with a mentee who was not an approved TriHealth employee and was not authorized to view the data.
Information that was exposed included patients' names, dates of birth zip codes, ethnicity, life status and cancer diagnosis. No Social Security numbers, addresses, insurance or financial information was shared.
TriHealth is unaware of any data misuse. The hospital recommends patients read their insurance statements and bills to ensure accuracy.
"TriHealth team members are educated to privacy policies when they are hired and provided with annual re-education. Employees are held accountable to TriHealth policies and violation results in corrective action, up to and including discharge from employment. This process was followed for the above matter," a hospital spokesperson said in a news release.
More articles on cybersecurity:
Oregon State Hospital alerts patients of phishing attack
Memorial Hermann employee 'improperly' used patients' credit card info
First cybercrime hotline unveiled in Rhode Island