2,200 UPMC ED patients' information compromised

A data theft at an outside medical billing company has led to about 2,200 people treated at various University of Pittsburgh Medical Center (UPMC) emergency departments being notified that their records may have been illegally disclosed by an employee of Medical Management LLC (MML). MML and its affiliates provide billing services to healthcare providers throughout the United States, including to UPMC’s physician group Emergency Resource Management.  

MML recently informed UPMC and other healthcare providers of the theft after federal law enforcement agencies notified MML of a criminal investigation into the incident. A call center employee—since terminated by MML—has been identified as being responsible for copying certain items of personal information from the billing system over the past two years and then illegally disclosing that information to a third party.

The personal information that was accessed and potentially compromised includes names, dates of birth and Social Security numbers. There is no evidence that information about medical histories or treatments was disclosed.

“We apologize for any anxiety or inconvenience that this incident may cause for our patients. We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners,” said John Houston, UPMC’s vice president of privacy and information security, in a release.