News

Data Breaches Impact Practices Large and Small

LibertyID our data breach and identity theft restoration services partner (www.LibertyID.com/business/LACMA) advised us of a recent data breach led by an employee and that physicians, whether in private practice or large groups, should always be aware of the risk. Nebraska Medicine suffered a data breach after an employee accessed patients' medical records for almost three months without authorization or even the thinnest sliver of a legitimate reason. A routine audit of the medical record system conducted in October of this year revealed the gross violation of patient privacy, which occurred over the summer of 2019. The employee took their first digital stroll through patients' records on July 11. The unauthorized access then continued until October 1, when the audit was carried out. After discovering what was going on, Nebraska Medicine took steps to prevent any further unauthorized access from occurring. A particularly effective step was the organization's decision to fire the employee in question the day after the privacy violation was detected. Patients whose data had been compromised were notified by letter. Information accessed by the now former Nebraska Medicine employee included names, birth dates, addresses, medical record numbers, Social Security numbers, driver’s license numbers, clinical information, lab imagery, and notes from physicians.

Nebraska Medicine privacy officer Debra Bishop wrote: "This individual no longer works for Nebraska Medicine and no longer has access to Nebraska Medicine systems. To help prevent something like this from happening again, we are continuing to regularly audit our electronic medical record system for potential unauthorized activity, and are retraining staff about appropriate access of patient information."

Nebraska Medicine operates two major hospitals and 40 outpatient clinics in the Omaha area and has an international reputation for providing bone marrow and stem cell transplantation services. In 2006, Nebraska Medicine performed the first "frozen elephant trunk" heart procedure, otherwise known as open stent grafting, in the United States.

LibertyID provides fully managed identity theft restoration solutions to individuals, couples, families, and businesses. LibertyID for Small Business provides cyber breach preparation and response solutions to businesses that collect and harbor confidential personal information on their clients or patients. LibertyID does not collect subscriber information and we will never sell or lease our restoration victims’ information. As practices close for the holidays, I will share tips provided by LibertyID on how to protect your business, your data and livelihood from cybercriminals.

If you would like more information on LibertyID contact me or visit our preferred partner page below.