DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

University of Pittsburgh Medical Center patients victimized by rogue employee of Medical Management LLC

Posted on May 15, 2015 by Dissent

UPMC is only one of  “numerous” clients of NC-based Medical Management LLC that have reportedly been notified of data theft by a rogue employee. We’ll have to wait to learn who the other entities are. The following is a press release issued today by UPMC:

Because of a data theft at an outside medical billing company, about 2,200 people treated at various UPMC emergency departments are being notified in writing that their records may have been illegally disclosed by an employee of Medical Management LLC. MML and its affiliates provide billing services to health care providers throughout the United States, including to UPMC’s physician group Emergency Resource Management Inc.  

MML recently informed UPMC and numerous other health care providers of the theft after federal law enforcement agencies notified MML of a criminal investigation into the incident. A call center employee—since terminated by MML—has been identified as being responsible for copying certain items of personal information from the billing system over the past two years and then illegally disclosing that information to a third party.

The personal information that was accessed and potentially compromised includes names, dates of birth and Social Security numbers. There is no evidence that information about medical histories or treatments was disclosed.

UPMC worked with MML to investigate this data breach and has independently reported this matter to the appropriate federal and state authorities. MML has secured the services of Kroll Inc. to provide identity theft protection at no cost to affected patients for one year.

“We apologize for any anxiety or inconvenience that this incident may cause for our patients. We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners,” said John Houston, UPMC’s vice president of privacy and information security.

MML is sending letters to patients whose information may have been stolen in this incident. Affected patients who received letters and have any questions should contact Kroll Inc. at 1-855-330-6364, 8 a.m. to 5 p.m. CT or check UPMC.com for additional privacy resources.

SOURCE: UPMC

Update: A template of Medical Management’s notification letter can be found on the California Attorney General’s web site, here (pdf).

Category: Health DataID TheftInsiderOf NoteSubcontractorU.S.

Post navigation

← CA: Dixon High School student arrested in electronic grade-changing scandal
Hackers attack Bundestag data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters
  • Dutch police identify users on Cracked.io
  • Help, please: Seeking copies of the PowerSchool ransom email(s)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale
  • The Meta AI app is a privacy disaster – TechCrunch
  • Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
  • Norwegian Data Protection Authority’s findings on tracking pixels: 6 cases
  • Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025
  • Rules Proposed Under New Jersey Data Privacy Act
  • Using facial recognition? Three recent articles of interest.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.
Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report