Data Breaches Are Becoming More Common at Hospitals

By Michael Klazema on 10/6/2020

Data breaches have become an area of concern across multiple industries from retail to finance in recent years. The breaches are impacting the healthcare field, with a scope that puts thousands of patients and their personal information in jeopardy. 

One recent example occurred at Montefiore Medical Center, which is the primary academic teaching hospital for the Albert Einstein College of Medicine in the Bronx, New York City. On September 18, the hospital announced that it had suffered a significant data security breach. Rather than occurring through an external hack, the breach was the work of a now-former Montefiore Medical Center employee who accessed and allegedly stole sensitive information from more than 4,000 patients—including names, addresses, dates of birth, and Social Security Numbers. The breach occurred over a multi-year period, beginning in January 2018 and stretching until July 2020. 

After the breach came to light, Montefiore Medical Center fired the employee, and the NYPD opened an investigation into the case. In the press release announcing the breach, Montefiore claimed that there is, to date, “no evidence that this patient information has been used for identity theft.” The hospital is individually notifying all patients whose information may have been compromised as part of the breach. 

Such cases spotlight the risks of internal data breaches and offer a reminder for why thorough employee background checks and oversight protocols are essential. Montefiore Medical Center claims that it had both in place when this breach occurred. The hospital requires criminal background checks for all its employees and has “comprehensive privacy policies” in place to protect patients and their records. 

Functionally, these privacy policies are supposed to bar any employee from accessing a patient record unless they have a “work-related reason” to do so. The hospital says that the employee in question “received significant privacy and security training” and was aware of the privacy requirement, but “chose to violate” those policies. Montefiore also notes that its “sophisticated technology that monitors improper access to electronic patient records” was ultimately to credit for identifying the employee, but does not explain how the abuses of power continued for two and a half years without detection. 

The medical center will be “expanding” both its employee monitoring capabilities and its staff training in the wake of the data breach. Montefiore is also offering to pay for a year’s worth of identity theft protection services for patients whose data was affected by the breach. 

Breaches and hacks are an increasingly substantial challenge for hospitals and healthcare systems in 2020. According to a post about the Montefiore data breach by Healthcare Finance News, more than 130 breaches occurred between February and May of this year—nearly 50 percent more breaches than in the same period in 2019. One factor in the increasing number of security breaches is telehealth, which has become a larger part of the healthcare equation since the COVID-19 pandemic began. Some experts worry that hackers will increasingly target medical devices and other telehealth and remote care tools to gain access to hospital computer systems. 

Even if external threats are the biggest data breach risks for healthcare organizations, a robust background check strategy can help hospitals to build trust throughout their staff from the beginning. At, we regularly work with hospitals and healthcare organizations to provide background checks services, including criminal background checkseducation and work history verifications, professional license checksongoing criminal monitoring, and more. Contact us today to get started.

Tag Cloud
Recent Posts

Latest News

  • October 29

    Employment discrimination doesn’t happen only at the hiring stage. Recent EEOC settlements showcase the importance of fairness in the workplace and the potential consequences of violations for business owners.

  • October 28

    What are teacher background checks? What about other school background checks? We look at the steps that schools take to ensure a safe environment for students and employees.

  • October 27

    Locksmiths are only sometimes regulated, depending on the county. We look at why locksmith background checks and contractor background screening matter.

  • October 22 Most states use a “ban the box” rule to prevent discrimination in hiring. Employers must stay up-to-date with changes to these rules—here’s the latest.
  • October 21

    COVID-19 and its fallout has reshaped recruitment, hiring, and work in profound and fundamental ways. Here’s what you should know about how the ongoing recovery of the economy and job market might transform your recruitment in 2020.

  • October 20 — We examine the new educational normal that COVID-19 is creating and what it could mean for the future of schooling.
  • October 20

    A new lawsuit from a recently-fired-executive within New York City’s Department of Education Office of Pupil Transportation alleges that the city’s school bus driving system has been mismanaged on multiple levels. Allegations in the lawsuit include fraud, breaches in ethics, and incomplete bus driver background checks. 


  • October 15 After decades of abuse allegations spilled out in the early 2000s, the Catholic Church pledged to do more to stop abuse. A new investigation reveals many shortcomings.
  • October 14

    Most landlords perform background checks on prospective tenants. What do those checks typically include? Learn all about tenant background checks.

  • October 13

    Criminal history checks and other background checks play a vital role in hiring, but they can also be a barrier to diversity and support employment discrimination (often unintentionally). Here’s what you need to know.