New York City-based Montefiore Medical Center informed patients this week that a former employee had illegally accessed patient information to create and submit fake invoices for unused surgical products.
Four details:
1. The former employee and a vendor accessed patient names, medical record numbers and surgical dates as part of a scheme to bill the hospital for unused surgical products, the health system said. The breach was between January 2018 and July 2020 and affected about 4,000 patients.
2. Montefiore is notifying patients whose information was breached. The incident is still under investigation. The former employee has died.
3. Patient Social Security numbers and financial information were not breached. The investigation has not found evidence that insurance companies were improperly billed.
4. The vendor involved in the breach was banned from the hospital's campus.