Data breaches have become an area of concern across multiple industries from retail to finance in recent years. The breaches are impacting the healthcare field, with a scope that puts thousands of patients and their personal information in jeopardy.
One recent example occurred at Montefiore Medical Center, which is the primary academic teaching hospital for the Albert Einstein College of Medicine in the Bronx, New York City. On September 18, the hospital announced that it had suffered a significant data security breach. Rather than occurring through an external hack, the breach was the work of a now-former Montefiore Medical Center employee who accessed and allegedly stole sensitive information from more than 4,000 patients—including names, addresses, dates of birth, and Social Security Numbers. The breach occurred over a multi-year period, beginning in January 2018 and stretching until July 2020.
After the breach came to light, Montefiore Medical Center fired the employee, and the NYPD opened an investigation into the case. In the press release announcing the breach, Montefiore claimed that there is, to date, “no evidence that this patient information has been used for identity theft.” The hospital is individually notifying all patients whose information may have been compromised as part of the breach.
Such cases spotlight the risks of internal data breaches and offer a reminder for why thorough employee background checks and oversight protocols are essential. Montefiore Medical Center claims that it had both in place when this breach occurred. The hospital requires criminal background checks for all its employees and has “comprehensive privacy policies” in place to protect patients and their records.
Functionally, these privacy policies are supposed to bar any employee from accessing a patient record unless they have a “work-related reason” to do so. The hospital says that the employee in question “received significant privacy and security training” and was aware of the privacy requirement, but “chose to violate” those policies. Montefiore also notes that its “sophisticated technology that monitors improper access to electronic patient records” was ultimately to credit for identifying the employee, but does not explain how the abuses of power continued for two and a half years without detection.
The medical center will be “expanding” both its employee monitoring capabilities and its staff training in the wake of the data breach. Montefiore is also offering to pay for a year’s worth of identity theft protection services for patients whose data was affected by the breach.
Breaches and hacks are an increasingly substantial challenge for hospitals and healthcare systems in 2020. According to a post about the Montefiore data breach by Healthcare Finance News, more than 130 breaches occurred between February and May of this year—nearly 50 percent more breaches than in the same period in 2019. One factor in the increasing number of security breaches is telehealth, which has become a larger part of the healthcare equation since the COVID-19 pandemic began. Some experts worry that hackers will increasingly target medical devices and other telehealth and remote care tools to gain access to hospital computer systems.
Even if external threats are the biggest data breach risks for healthcare organizations, a robust background check strategy can help hospitals to build trust throughout their staff from the beginning. At backgroundchecks.com, we regularly work with hospitals and healthcare organizations to provide background checks services, including criminal background checks, education and work history verifications, professional license checks, ongoing criminal monitoring, and more. Contact us today to get started.
About Michael Klazema The author
Michael Klazema is the lead author and editor for Dallas-based backgroundchecks.com with a focus on human resource and employment screening developments