Lowell (Mass.) General Hospital notified 769 patients after it learned an employee may have inappropriately accessed their medical records, according to HHS' Office for Civil Rights breach portal.
The hospital launched an investigation into the incident and believes a single employee accessed its EHR without a medical reason to do so, directly violating hospital policy and trainings. The employee has been terminated.
The information that was inappropriately accessed may have included names, dates of birth, diagnoses and other information about patients' medical treatment. The individual did not have access to Social Security numbers, insurance policy numbers or any financial information. The hospital does not have evidence any of the information has been misused.
Lowell is reviewing the privacy and security of its EHR and is improving its monitoring of employee activities.
Becker's Hospital Review has reached out to Lowell General Hospital for comment. This story will be updated as more information becomes available.
More articles on cybersecurity: