Officials at the University of Miami Hospital, a 525-bed general medical and surgical facility, say the data for an unnamed amount of patients has been breached. The hospital says this happened when two employees accessed patient information from registration “face sheets,” and reportedly sold that information to a third-party.
According to the hospital, the information on the face sheets includes name, address, date of birth and insurance policy numbers, as well as the reason and service area for the visit. Additionally, the hospital says, while “the social security number field was masked to display only the last four digits, some health insurance plans, such as Medicare and Medicaid, continue to use social security numbers as insurance policy numbers.”
The hospital, which did not say how many possible patients were affected, said the incidents happened between Oct. 2010 and July 2012 and only impact people who visited the main hospital site, no any offsite facility. The employees, the hospital says, have been terminated and the investigation, conducted by local authorities, is ongoing.
University of Miami Hospital says it is offering two free years of credit monitoring services. More information on the breach can be found here: http://www.umhdataincident.med.miami.edu
A similar data breach also recently occurred in the Sunshine State. According to a news report from WFTV in Osceola County, Fla., an employee at Florida Hospital Celebration Health, a 112-bed acute care facility, has been arrested by local authorities, after he allegedly accessed more than 760,000 patient records from 2009-11, and sold them.