Thousands of patients have been alerted that their medical records were potentially stolen in a data breach that affected at least three hospitals located in Bergen County, New Jersey. According to officials, an employee of Medical Management LLC, a healthcare billing company located in North Carolina, allegedly stole the names, Social Security Numbers, and birth dates of patients at The Valley Hospital in Ridgewood, Englewood Hospital and Medical Center, and Holy Name Medical Center in Teaneck. The employee is believed to have then passed along the stolen personal information to a third party. Following the breach, both Holy Name Medical Center and Englewood Hospital confirmed that they have sent notification letters to at least 1,500 patients each. Valley Hospital has not provided an exact number of how many patients it has contacted.
“We regret the inconvenience to the patients and urge patients who received the letter to take advantage of this free identity theft protection service,” said Alicia Park, a spokeswoman for Englewood Hospital.
The scope of the breach is currently unknown. As North Jersey reports, Medical Management LLC maintains 40 contracts with providers across the nation. These include White Plains Hospital in New York and University of Pittsburgh Medical Center, both of which have warned thousands of their patients that their records may have been stolen.
The employee who is believed to have been involved in the data breach worked with Medical Management LLC between February 2013 and March 2015, when the breach was discovered. The billing company has agreed to provide anyone affected by the breach with free credit monitoring services.
“MML is cooperating with federal law enforcement authorities in their criminal investigation,” the company said in letters sent to patients.
This incident marks the latest breach to strike the healthcare sector. Earlier this week, CareFirst BlueCross BlueShield announced that it notified 1.1 million customers after it discovered that hackers had successfully infiltrated a corporate database. This announcement came just months after Anthem, the second largest health insurer in the United States, confirmed that its servers had been breached. Given the rise of security incidents in the medical industry, the U.S. Department of Health & Human Services has created a website that maintains a record of all healthcare-related breaches that affect at least 500 patients. That breach portal can be accessed here.
