Six-hospital Med Center Health, serving the Bowling Green region of Kentucky, began notifying 160,000 patients on March 24 after an employee stole huge amounts of billing information to assist in an unapproved project to develop a new tool for an outside business interest.

The employee, who is no longer with the organization, on two occasions obtained information on the pretense it was needed to carry out duties at Med Center Health, according to a notification letter sent to affected individuals and the community.

The Medical Center
The Medical Center

Also See: Why insider threats remain the biggest risk to data

“To date, our investigation indicates that in August 2014 and February 2015 the individual in question obtained patient information on an encrypted CD and encrypted USB drive, without any work-related reason to do so,” the letter states.

Compromised information included names, addresses, Social Security numbers, health insurance information, diagnoses and procedure codes and charges for medical services provided. Clinical records, medical history and treatment data were not accessed.

The breach affects patients treated at six specific facilities between 2011 and 2014. Med Center Health is offering affected individuals one year of credit monitoring and identity protection services. An organization spokesperson was not immediately available for comment.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access