Employee Privacy Breach lasting for 15 years reported by Metro Health System
Take action: An insider threat is the most difficult threat to defend against.
Learn More
The Metro Health System in Cleveland, Ohio recently made a disturbing report concerning the breach of employee privacy, when it discovered that an employee had accessed patient records without a valid work-related reason.
This unauthorized access was detected on April 27, 2023, and a subsequent investigation revealed that patient records had been accessed without proper authorization over a period of 15 years, with the earliest incident dating back to 2008.
The information accessed by the employee included
- patient names,
- dates of birth,
- clinical information.
Fortunately, no Social Security numbers or financial information were compromised.
No details are available as to the number of affected individuals
In response to this breach, Metro Health System promptly took action and disciplined the employee according to its sanctions policy. Additionally, there is currently no evidence to suggest that the patient data has been shared with others or misused in any way.
The affected individuals are being notified through mail about the incident. The organization is also working on improving its privacy practices to prevent such breaches in the future. Furthermore, the workforce has undergone additional training to reinforce the importance of patient privacy and data security.
