Meritus Medical Center in Hagerstown, Md., is notifying patients their personal data may be compromised after discovering a vendor's employee may have accessed patient information outside of the employee's job duties.
The hospital learned of the inappropriate access May 4, 2015 through a routine compliance and self-audit effort, according to the statement. Upon discovering the breach, the hospital suspended the employee's access to the systems.
An investigation into the breach determined the vendor's employee potentially accessed patient names, birth dates, age, gender, medical record number, clinical information and some health insurance information. Additionally, the employee may have accessed some patients' Social Security numbers. Financial information including credit cards and bank account information were not affected.
Meritus Medical Center has no indication any of the information has been misused. The hospital did not indicate how many patients were affected, but did say not all Meritus Medical Center patients' information was compromised.
More articles on data breaches:
Criminal fraud data breach affects 5,300 Healthfirst members
7 states update data breach notification laws in 2015
Patient files class-action lawsuit against UCLA Health over data breach