DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NJ: University Hospital recently learned of long-running insider-wrongdoing breach

Posted on October 19, 2021 by Dissent

The following notice by University Hospital in New Jersey is the kind of notification no healthcare entity wants to have to publish. It involves a rogue employee misusing their access to obtain information on patients that may ultimately be provided to personal injury lawyers or those trying to recruit clients or patients who have suffered injuries in motor vehicle accidents.  It is the type of insider-wrongdoing that we have seen and reported on the past, although it’s been a while since this blog has seen this type of report.

University Hospital (UH) is committed to protecting the privacy and security of our patients’ information. Regrettably, this notice is regarding an incident we identified that may have a limited group of patients’ information.

On August 24, 2021, we learned that a now-former employee may have accessed and provided patient information to unauthorized individuals between January 1, 2016 and December 31, 2017. This former employee had authorized access to patient information to perform the essential functions of his/her job and exceeded the authorized use of that access. A criminal investigation is ongoing. The individual had access to some patients’ names, addresses, dates of birth, social security numbers, health insurance information, medical record numbers and clinical information related to care you may have received at UH.

This incident did not affect all patients at UH; but only certain patients treated in the emergency department at UH following motor vehicle accidents between 2016 and 2017.

We are mailing letters to those patients whose information may have been involved in this incident beginning on October 11, 2021. As a precaution, we are offering those patients a complimentary one-year credit monitoring and identify protection membership. If you believe you are affected and do not receive a letter by November 15, 2021, please call at 1 (855) 732-0773, Monday through Friday, 9:00 am through 6:30 pm ET.

We want to assure our patients that we are taking this matter very seriously. We deeply regret that this incident has occurred and greatly value the trust our patients have placed in University Hospital. To help prevent something like this from recurring, this individual no longer works at UH, and UH has reviewed internal policies, procedures and staff training pertaining to the privacy of patient information.

This breach was reported to HHS as impacting 9,329 patients.

Category: Health DataInsiderU.S.

Post navigation

← Judge Sentences Michigan Man to 7 Years in Prison for Hacking UPMC HR Databases and Stealing Employees’ Personal Information
Kemper Proposes $17.6M Settlement of Data Breach Claims →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach
  • Hacker who breached communications app used by Trump aide stole data from across US government
  • Massachusetts hacker to plead guilty to PowerSchool data breach (1)

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.