by John R. Fischer
, Senior Reporter | July 01, 2021
An employee of the Aultman Health Foundation in Ohio was fired after they were found to have spent over 11 years accessing data for more than 7,000 patients without permission.
The organization announced the privacy breach Friday, with information possibly accessed including patient names, addresses, birthdays, social security numbers, insurance information, and diagnosis and treatment information, reports The Daily Record
"Upon discovering this, the employee’s access to Aultman’s electronic health record system was suspended, and an investigation was conducted to determine the nature and scope of the incident," said Aultman.
The culprit’s job involved coordinating patient care, which gave them access to patient data. They are said to have accessed information outside the scope of their job duties between September 2009 and April 2021. The former employee, who has not been identified, no longer has access to patient data and will not face criminal charges.
While there is no indication of data misuse, disclosure, or signs that it will be compromised, about 7,300 patients across the Aultman service area were involved in the breach. Aultman began mailing those whose information may have been accessed this week and is recommending that they review statements from healthcare providers and insurance plans to ensure only services received are listed. Those that find something wrong are encouraged to contact their provider or insurance company immediately.
It also has set up a dedicated toll-free call center to answer questions about the incident at 855-731-3203.
"To help prevent something like this from happening again, Aultman has provided additional training to its system users and is implementing additional measures to protect the information of its patients," said the organization.
The incident is a reminder that not all data privacy breaches are committed at the hands of remote hackers. A similar event took place in 2018 in which a former chief operations officer for a cybersecurity company launched a cyberattack
on Gwinnett Medical Center (GMC), which had hired his company to provide cybersecurity protection. The man, Vikas Singla, was arraigned earlier this month on charges related to the attack.
The Aultman Health Foundation consists of Aultman Hospital, Aultman Orrville Hospital, Aultman Alliance Community Hospital, health insurance provider AultCare, the Aultman Foundation and Aultman College.
The Aultman Health Foundation did not respond to HCB News for comment.