The health system said the incident occurred between June and November 2020, according to the Jan. 29 notice published on its website. Montefiore deactivated the employee’s access to the EHR as soon as it discovered the situation.
Patient information breached included first and last names, medical record numbers, addresses, dates of birth and the last 4 digits of Social Security numbers. Some clinical information such as test results and diagnoses may have also been inappropriately collected.
Montefiore fired the employee and referred the case to law enforcement for potential criminal prosecution. The health system is also offering free identity theft services to any patients affected by the incident.
“We apologize for any inconvenience to our patients that this breach has caused,” Montefiore Medical Center CISO Robert Dalrymple said in the news release. “We are taking steps to implement additional safeguards to strengthen the security of our systems.”
More articles on cybersecurity:
Ransomware attack temporarily shuts down Georgia hospital’s phone lines, computer systems
More than 900K health records breached in January
Florida Medicaid website hacked for 7 years, hundreds of thousands affected
