Update: NorthJersey.com reports that the “Medical Management LLC” involved in this breach is based in North Carolina.
One rogue employee at Medical Management LLC is resulting in 40 of the billing company’s clients having to notify patients. Medical Management is handling the notifications (template), but even so, this is not the way hospitals want to be in the news.
Here are some of MML’s clients that I’ve found mentioned as being impacted by the breach, below. In most cases, we don’t yet have numbers affected, and in some cases, it’s not clear if the hospital name is duplicative for the name of a physicians’ group:
In New Jersey: Valley Hospital, Englewood Hospital and Medical Center, Emergency Physicians of Englewood, and Holy Name Medical Center.
In New York: 1,100 patients at White Plains Hospital Center, Park Slope Emergency Physician Services, PC; Phelps Memorial Hospital Center Emergency Physicians; The Brooklyn Hospital Center Emergency Medicine, PC
In Pennsylvania: 2,259 patients at University of Pittsburgh Medical Center, three Conemaugh Health System hospitals: Memorial Medical Center (1,551 patients), Meyersdale Medical Center, and Miners Medical Center; Emergency Physicians of Pittsburgh, Ltd.
In Illinois: Tri-County Emergency Physicians, LLC
Update 1: Add Jefferson Hospital to Pennsylvania entities. The hospital, part of Allegheny Health Network, notified 800 patients.
Update 2: They reported this to HHS on May 15th as affecting 20, 512 patients.