Merit Health Northwest Mississippi (“the Hospital”) is notifying patients about an unauthorized removal of their health information from the Hospital. Affected patients have been mailed a letter with details related to this matter and information on accessing free credit monitoring and identity theft resolution services.
On July 1, 2015, the Hospital was notified by law enforcement that an employee was under investigation for identity theft. Law enforcement recovered documents belonging to the Hospital that contained patient information. At this time, it appears the employee was removing documents from the Hospital from February 2013 through June 2015.
The information that was removed by the employee included patient names, addresses, date of birth, social security numbers, health plan numbers and clinical information. In some cases, it may have also included information regarding any other person responsible for payment of care.
Following notification by law enforcement, the Hospital opened an internal investigation. In order to prevent any further removal of documents or unauthorized computer access by the employee, the Hospital terminated the employee’s access to buildings and computers and suspended the employee. This person is no longer employed by the Hospital. The Hospital is cooperating with law enforcement in its ongoing investigation.
Merit Health Northwest Mississippi takes information security and patient privacy seriously, and sincerely regrets this happened. Questions may be directed to (662) 621-5150 or (877) 483-8615.
SOURCE: Merit Health Northwest Mississippi
In their coverage of the breach, the Clarksdale Press Register reports that 810 patients are being notified but that there may be more notification as the hospital and police continue their investigations.