A 12-hospital health system is notifying hundreds of its current and former patients that their protected health information has been compromised after discovering an employee was involved in identity theft.
Merit Health system based in Jackson, Miss., only learned of the breach after local law enforcement notified them that one of their employees at Merit Health Northwest Mississippi was under investigation for identity theft, according to an online statement. The employee was allegedly swiping patient files for more than a year undetected, from February 2013 through June 2015. Law enforcement notified the hospital July 1, 2015.
[See also: Health system's data breach insurance claims get challenged.]
The employee, who was eventually suspended and barred access to the building and IT systems, swiped records containing patient names, Social Security numbers, medical diagnoses data, health plan data and also payment information.
The hospital "sincerely regrets this happened," read an online notice.
[See also: Health system sees 7th HIPAA data breach.]
The hospital did not respond to questions around how many individuals were impacted by the breach, what type of employee had access to these files and what the organization is doing to prevent something like this from happening in the future, from access management to education and new policies. A local news agency, however, is reporting that 810 patients are being notified of the breach.
