Nebraska Medicine discloses data breach by former employee

By  | 

OMAHA, Neb. (WOWT) - Nebraska Medicine has released a statement Tuesday regarding a data breach that was discovered in early October.

Nebraska Medicine sent a letter to patients whose medical information was accessed. They discovered the breach during an audit of their medical record system and realized an employee had accessed records outside of the employee’s job responsibility sometime between July 11 and Oct. 1. The employee was terminated immediately.

The letter states that demographic information such as name, birthdate, address, medical record number, Social Security number, and driver’s license number, clinical information, lab imagery, and notes from the physician was possibly viewed.

According to a statement Nebraska Medicine provided to 6 News: “Once Nebraska Medicine became aware of the incident, our staff took action to investigate, prevent further improper access, and to notify affected patients. We have no reason to believe the information accessed has been or will be misused.

"In cases where the Social Security number or driver’s license was accessible, we are offering credit monitoring for a full year, at no cost to the affected patients."

Those with questions were instructed to call 1-844-416-6280; the toll-free number will be answered from 8 a.m. to 5 p.m. Monday through Friday.

Text from some notification letters included the following statements:

Nebraska Medicine takes seriously the confidentiality of our patients’ information. Regrettably, we are writing to inform you of an incident involving some of that information.
On October 1, 2019, during an audit of our electronic medical record system, Nebraska Medicine discovered that an employee accessed patient records outside of the employee’s job responsibilities. The employee’s access to Nebraska Medicine patient information was terminated the next day. Our investigation determined that the unauthorized access occurred between July 11, 2018 and October 1, 2019, and that the employee viewed some of your medical record. The information that was viewed may have included your demographic information, such as your name, address, date of birth, medical record number, Social Security number and/or driver’s license number; and/or clinical information, such as physician notes, laboratory results and/or imaging.

We have no indication that any of your information has been misused. However, in an abundance of caution, we wanted to notify you of this incident to assure you that we take this matter very seriously. As a precaution, we are offering you a complimentary one-year membership of Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with identity protection support focused on immediate identification and resolution of identity theft. IdentityWorksSM Credit 3B is completely free to you and we understand that enrolling in this program will not hurt your credit score. For more information on identity theft prevention and instructions on how to activate your complimentary one-year membership, please see the additional information provided in this letter.

Please accept my sincere apology. This individual no longer works for Nebraska Medicine and no longer has access to Nebraska Medicine systems. To help prevent something like this from happening again, we are continuing to regularly audit our electronic medical record system for potential unauthorized activity, and are retraining staff about appropriate access of patient information.

Sincerely,
Debra Bishop
Privacy Officer