Montefiore Notifies Patients of Privacy Breach
No Medical Records or Financial Information Accessed
New York—December 1, 2020—Today, Montefiore Medical Center is notifying some patients about a privacy breach involving patient information accessed illegally by a former employee. Montefiore discovered that it had paid false invoices that an employee and vendor submitted for unused surgical products.
Patient names, medical record numbers and the date of surgical procedures were accessed. Social security numbers, financial accounts and credit card information, however, were not accessed by the unauthorized individual.
Although the employee died during the investigation, the matter is under investigation and we are fully cooperating with law enforcement authorities. The vendor is banned from all Montefiore campuses.
To date, there is no evidence that patients or their insurance companies were improperly billed. Montefiore recommends that patients remain vigilant and carefully review statements from healthcare providers. Please immediately initiate direct contact with your provider regarding any questionable billing.
Montefiore requires criminal background checks on all employees and has comprehensive privacy policies, including a strict Code of Conduct prohibiting employees from looking at patient records unless they have a work-related reason. The paper forms involved in this scam are no longer used. Additionally, Montefiore is reviewing how invoices for surgical supplies are processed to prevent a breach like this from recurring.
This press release is in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act. Montefiore Health System has notified affected members and the Department of Health and Human Services (HHS).