Montefiore Issues Letters to Patients About Security Breach & Potential Identity Theft
New York (April 13, 2021) – Today, Montefiore Medical Center is notifying some patients about a security breach involving information illegally accessed by a former employee.
Categories of personal information accessed varied and may include first and last names, medical record numbers, addresses, emails, dates of birth and the last 4 digits of Social Security numbers. There is no evidence that financial information, including credit card numbers, or clinical information was accessed. The inappropriate access occurred between January 2020 and February 2021.
Montefiore requires criminal background checks on all employees and has comprehensive privacy policies, including a strict Code of Conduct that prohibits employees from looking at patient records unless they have a work-related reason. The employee involved in this case chose to violate these policies. Montefiore’s FairWarning software, which monitors improper access to electronic patient records, identified the employee.
Upon learning of this situation, Montefiore immediately suspended the employee and disabled access to its electronic medical records system. After a thorough investigation, the employee was fired, and the case was referred to law enforcement for possible criminal prosecution.
To date, there is no evidence of identity theft, nor that patients or their insurance companies were improperly billed. Montefiore recommends that patients remain vigilant and carefully review statements from healthcare providers. Please immediately initiate direct contact with your provider regarding any questionable billing. Additional details on identity theft protection will be included in patient notification letters.
This press release is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Montefiore Health System has notified affected members and the Department of Health and Human Services (HHS).