Montefiore is notifying some patients about a security breach involving information illegally accessed by a former employee.
Categories of personal information accessed varied and may include first and last names, medical record numbers, addresses, dates of birth, and the last 4-digits of Social Security numbers. Some clinical information, such as test results, diagnoses, and visit histories, may have also been inappropriately collected. There is no evidence that financial information, including credit card numbers, were accessed, or that patient information was used for identity theft.
The incident occurred between June 2020 and November 2020. Upon learning of this situation, Montefiore immediately deactivated the employee’s access to the electronic medical record system. After a thorough investigation, the employee was fired and the case was referred to law enforcement for possible criminal prosecution.
“We apologize for any inconvenience to our patients that this breach has caused,” said Robert Dalrymple, Chief Information Security Officer, Montefiore Medical Center. “We are taking steps to implement additional safeguards to strengthen the security of our systems.”
Montefiore is providing identity theft protection services through IDX at no cost to patients affected by this breach. Patients receiving notification letters can call 1-800-939-4170 or click here and use the provided enrollment codes. IDX representatives are available Monday through Friday from 9 am – 9 pm ET. The deadline to enroll is May 3, 2021. Protection includes 12 months of credit monitoring, a $1,000,000 insurance reimbursement policy, educational materials, and access to fraud resolution representatives.