Four key notes:
1. Ann & Robert H. Lurie Children’s Hospital noticed an employee accessed medical records without a “business reason” for about a year, seeing patient names, addresses and birth dates. The person also could see patient medical information, but not insurance information, financial information or Social Security numbers.
2. When Lurie’s discovered the issue Nov. 15, it launched an investigation and the employee no longer works at Lurie Children’s.
3. The hospital is mailing a notification letter to patients whose records may have been viewed, asking them to review billing statements for accuracy.
4. The hospital also plans to provide more staff training to prevent privacy violations.
More articles on hospital cybersecurity:
6 health systems seeking CISOs
21 notable phishing attacks of 2019
North Carolina healthcare provider warns 4,500 patients of data breach
