ProMedica Bixby and Herrick Hospitals, both part of 13-hospital ProMedica based in Toledo, are notifying about 3,500 patients after discovering that employees were looking at electronic medical records without authorization.

The incidents are a reminder that while cyber attacks from the outside receive significant media attention, other security threats that have been around for many years require continued monitoring.

In its public filing on the breach, ProMedica reported that while the breach was discovered in April, the violations had occurred since May 2014. During that time, seven employees accessed electronic records for patients they were not directly treating and without valid business and clinical reasons, a ProMedica statement indicated.

Potentially compromised information included patient names, addresses, phone numbers, birth dates, and insurance, diagnoses, medications and other clinical information. ProMedica has disciplined some of the employees and fired others; in addition, it has launched a new auditing program that includes software that monitors employee activity in the EHR.

The organization is offering affected individuals one year of credit monitoring services.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access