Byram Healthcare is a firm that provides disposable medical supplies. They were acquired in 2017 by Owens & Minor.
On October 22, Byram sent notification letters to patients whose data may have been stolen and/or misused by a former employee. Byram learned of the former employee’s wrongdoing when they were contacted by law enforcement.
In response to this incident, Byram says that they have increased staff training and staff monitoring. They do not indicate how they will now monitor staff more to identify any inappropriate access to patient data, but then, they might not want to tip their hat on that.
Somewhat surprisingly, they do not seem to offer their patients any remediation assistance at their expense. It seems that patients get an apology, some tips on how to protect themselves, but are basically on their own. Whatever happened to “in an abundance of caution?” Byram says they do not believe that the former employee accessed SSN. Personally, I wouldn’t care what Byram “believes,” particularly if it’s self-serving. Can Byram show that the former employee definitely didn’t access or acquire SSN or other identity information? If they can’t, perhaps they should provide more support to patients. At the very least, it might make a lawsuit against them less likely to prevail.
The full notification letter appears below.