Hospital Data Breach Affects Thousands of PatientsMay 26th, 2015
Another privacy breach has resulted in the theft of patients’ personal information at several hospitals in New Jersey, New York and Pennsylvania. These hospitals all used the billing services of Medical Management LLC, based in North Carolina.
Despite knowing the sensitive information its employees can access in hospitals, it is alleged that a Medical Management employee stole patient data and was undetected for nearly two years. That employee worked in the billing department.
Medical Management works with health care providers across the U.S. This recently acknowledged breach has left at risk the private information of thousands of individuals who were treated at Ridgewood’s Valley Hospital, Englewood Hospital and Medical Center, and Teaneck’s Holy Name Medical Center. In addition, patients at White Plains Hospital in New York and the University of Pittsburgh Medical Center have also been warned that their confidential patient data has been compromised.
If you have received notification that your records were comprised, or you have already become a victim of identity theft, contact W&L by phone (800) 476-6070, or online via our form or chat.
Stolen Info Increases Vulnerability to Identity Theft
The Medical Management breach is under investigation by federal authorities, according to NorthJersey.com. Although the total number of affected victims is not yet known, it is reported as being in the thousands. What is also not known yet is the extent of the breach.
What is known is that patient names, Social Security numbers and birth dates were stolen. News reports indicate that Medical Management claims that no hospital databases were hacked and no medical history or treatment was released, as far as officials know.
The employee who allegedly stole the information worked for the billing firm, Medical Management, for more than 2 years — from February 2013 until March 2015. But it was not until March that the breach was discovered and the employee was then dismissed, according to published sources.
People who have had personal data stolen are vulnerable to identity theft. Thieves can sell their information and open credit cards and cell phone accounts, and make other financial commitments that may ultimately come back to haunt the victim. Hackers can also open bank accounts and credit lines in your name, possibly destroying your credit, explains W&L.
“This increasing vulnerability has the potential to expose private facts and details of a person’s life — and often with serious consequences. Corporations that collect and utilize your data have a responsibility to protect it, and nowhere more so than when they have access to people’s medical information” explains Robin Greenwald, who heads W&L’s Environmental, Toxic Tort & Consumer Protection Unit.
Another troubling aspect of the breach is that the information provided by patients to the hospitals was shared with a third-party company. It is not clear whether the hospital properly vetted the billing firm and its data security practices.
What is also being questioned is whether patients were aware that the data they provided to receive medical care was being provided to another, separate organization. Ms. Greenwald points out, “Full disclosure needs to occur quickly to determine if other privacy rights were violated simply by the sharing of this information.”
You May Deserve Compensation If Your Identity Was Stolen
“The companies involved are offering anyone who was affected free credit protection services, but that may not be sufficient,” points out James Bilsborrow, an attorney in W&L’s Environmental, Toxic Tort & Consumer Protection Unit.
“These services are typically offered for just a year or two, but the vulnerability of the victims remains for decades. People are going to have their lives disrupted and their credit may be affected, if not destroyed,” Mr. Bilsborrow adds.
W&L has a lot of experience working with victims of corporate greed or disinterest. “The firm fights on their client’s behalf to make corporations pay for the harm caused by privacy breaches, such as the one allegedly here,” says Ms. Greenwald.
Mr. Bilsborrow encourages victims, “Reach out to us so we may try and be of service. We have the experience of working with victims of identity theft to get any compensation you may deserve.”
W&L has been active in protecting the rights of victims of data breaches. The firm recently filed class action lawsuits on behalf of victims of the Anthem and Premera health-related data breaches. Unfortunately, as demonstrated by the case of Medical Management’s privacy breach, those were not isolated incidents.