Insider threats, which include healthcare employees who abuse their access rights to steal patient data to commit identity theft and financial fraud, have affected three hospitals and health systems.
Here are the health systems reporting insider breaches since April 19:
- Yakima (Wash.) Valley Memorial Hospital reached a settlement with HHS agreeing to pay $240,000 to resolve an incident where 23 security guards inappropriately used the hospital's EHR system to obtain access to medical records of 419 patients.
- Columbia, Mo.-based University of Missouri Health Care learned that an employee had been inappropriately accessing patient electronic health records between July 2021 and March 2023. The health system said the now-suspended employee used its electronic health records system to gain access to 736 medical records.
- An employee from John Muir Health Walnut Creek (Calif.) Medical created a website that linked to an Excel file containing patient information. John Muir Health Walnut Creek Medical was not aware that the website contained links to confidential patient information until March 22. The website was disabled March 24.