After learning of a former employee stealing patient identities, Community Health Med-check in Speedway, Ind. has notified about 180 patients that their data may have been compromised.
WISH TV in Indiana reports that the employee (who no longer works at Community but it’s unknown if they were fired) was able to gain access to the EHRs of up to 180 people from mid-March to mid-April. But Jean Putnam, Vice President at Community Health Network, which has about 1,200 employees, believes only about 10 patients were affected. The data in EHRs that was inappropriately accessed included Social Security numbers, dates of birth or credit card numbers.
Though the report says that Community Health sent letters to affected patients alerting them to the crime, there isn’t an exact timeline of when it learned of the breach and the time it took to alert patients. WISH TV did speak to a patient who said there was about a month-long delay between the breach and when he received his letter. Charges against the former employee have yet to be filed and there wasn’t any talk of Community offering credit report or identity monitoring.
And while Community Health says that it was a first-time incident and it will better protect patient data going forward, the way the employee was able to gain entry into these EHRs should be a bit scary for patients. Since Community didn’t say anything about technical safeguards, the assumption can be made that there were none in place. This looks to be a relatively large network and one would think decision-makers have seen all of the health data breaches over the past few years.