The Daily Swig Web security digest

Former SSM employee implicated in privacy breach

James Walker | 02 January 2018 at 15:29

Prescription snooper accessed thousands of patient records.

SSM Health, a US non-profit healthcare system with facilities in Illinois, Missouri, Oklahoma, and Wisconsin, has alerted nearly 30,000 patients to a privacy breach after a former employee was found to have “inappropriately accessed” medical records.

An investigation conducted by the group found that a former customer service representative gained access to patient records between February 13 and October 20, 2017. Although they had access to demographic and clinical data, no financial information was compromised.

“It appears that although the former employee accessed patient information from multiple states, the focus of his illegal activities involved the medical records of a small number of patients with a controlled substance prescription and a primary care physician within the St Louis area,” SSM said.

“Out of an abundance of caution, SSM Health is notifying all 29,000 patients whose records were accessed by this individual, even if the access may have been for legitimate job functions. SSM Health has also reported the incident to the Office for Civil Rights and local law enforcement.”

The healthcare group said it has taken “immediate corrective actions” following the breach, including requiring an additional identifier when patients request prescription refills. The company is also providing identity theft protection at no charge to affected patients.

“We take very seriously our role of safeguarding our patients’ personal information, and we deeply regret any inconvenience or concern this situation may have caused,” said SSM system privacy officer, Scott Didion.