Memorial Hermann breach impacts 10K

An employee inappropriately accessing confidential information of patients is the source of a data breach in Texas impacting more than 10,000 individuals.

The employee of Memorial Hermann Health System in Houston accessed the information over a period of more than six years. The accessed data included medical records, health insurance information and some Social Security numbers. Financial information was not included.

Memorial Hermann officials first learned of the breach on July 7 and finalized their inquiry during the week of Aug. 25. "We learned that a now former clinical employee accessed patients' electronic medical records outside of the employee's normal job duties from December 2007 to July 2014," says a letter sent to affected patients. "We immediately launched a thorough investigation, including hiring outside forensics experts, and suspended the employee's access to the medical records."

The employee was not named and is no longer with the institution, a Memorial Hermann statement said.

The breach, impacting 10,604 patients, has been reported as a possible violation of state and federal privacy laws to the U.S. Department of Health and Human Services and the Texas Attorney General's office.

The incident is the latest in a series of breaches hitting organizations within Texas Health System, including University of Texas Medical Branch at Galveston, M.D. Anderson Cancer Center, Houston Methodist Hospital and Texas Children's Hospital. These incidents, all occurring since 2010, mostly involved the loss or theft of computers or computer storage devices.

The biggest breach involved a stolen M.D. Anderson laptop containing information on 30,000 patients, including the specific medical information of 10,000.

The system has set up a dedicated call center for those affected by the breach.