California-based medical centre suffered potential data breach after one of its former healthcare care manager was going by a fake name and had a falsified nursing license. Mercy Medical Center Redding, a Dignity Health organization came to know about the data breach when notified by its business associate, naviHealth that patient information was accessed inappropriately. The medical center takes help of naviHealth to help carry out patient support after an individual leaves the medical center.
Former case manager had been working under a fake name and nursing license during the period of June 2015 to May 2016. As part of job responsibility, the individual had access to patient information which included standard clinical information, patient data, and health insurance account information. naviHealth terminated the employee and his computer access after discovering the breach and contacted law enforcement officials.Around 520 individuals were affected by the incident.
Affected information included certain PHI, such as names, addresses, phone numbers, Social Security numbers, dates of birth, emails, medical record numbers, account numbers, and dates of medical services exposed. The former employee may have also accessed diagnoses, lab results, medications, dates of treatment, provider notes, group health plan numbers, and member IDs for some patients.
After the incident, naviHealth has reviewed all calls made by the former case manager to ensure content and clinical accuracy. Verification of nursing licenses and identifications for all its employees were carried out along with implementation of more thorough screening process for potential employees. All affected individuals were notified about the incident and provided resources on identity theft protection.
According to the statement, “As a precaution, you can contact any one of three major credit bureaus and have a “fraud alert” placed on your credit file. A fraud alert lets creditors know to contact you before new accounts are opened in your name. You will also be automatically sent copies of your current credit files.”
Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe.