DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Pittsburgh Medical Center patients victimized by rogue employee of Medical Management LLC

Posted on May 15, 2015 by Dissent

UPMC is only one of  “numerous” clients of NC-based Medical Management LLC that have reportedly been notified of data theft by a rogue employee. We’ll have to wait to learn who the other entities are. The following is a press release issued today by UPMC:

Because of a data theft at an outside medical billing company, about 2,200 people treated at various UPMC emergency departments are being notified in writing that their records may have been illegally disclosed by an employee of Medical Management LLC. MML and its affiliates provide billing services to health care providers throughout the United States, including to UPMC’s physician group Emergency Resource Management Inc.  

MML recently informed UPMC and numerous other health care providers of the theft after federal law enforcement agencies notified MML of a criminal investigation into the incident. A call center employee—since terminated by MML—has been identified as being responsible for copying certain items of personal information from the billing system over the past two years and then illegally disclosing that information to a third party.

The personal information that was accessed and potentially compromised includes names, dates of birth and Social Security numbers. There is no evidence that information about medical histories or treatments was disclosed.

UPMC worked with MML to investigate this data breach and has independently reported this matter to the appropriate federal and state authorities. MML has secured the services of Kroll Inc. to provide identity theft protection at no cost to affected patients for one year.

“We apologize for any anxiety or inconvenience that this incident may cause for our patients. We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners,” said John Houston, UPMC’s vice president of privacy and information security.

MML is sending letters to patients whose information may have been stolen in this incident. Affected patients who received letters and have any questions should contact Kroll Inc. at 1-855-330-6364, 8 a.m. to 5 p.m. CT or check UPMC.com for additional privacy resources.

SOURCE: UPMC

Update: A template of Medical Management’s notification letter can be found on the California Attorney General’s web site, here (pdf).

Category: Health DataID TheftInsiderOf NoteSubcontractorU.S.

Post navigation

← CA: Dixon High School student arrested in electronic grade-changing scandal
Hackers attack Bundestag data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.