Florida's Holy Cross Hospital recently began notifying patients that an employee in a Holy Cross Medical Group physician's office may have accessed their personal information, and accessed the IRS.gov Web site soon after, presumably in order to file fraudulent tax returns.
Data accessed by the employee, who has since been terminated, included patients' names, birthdates, addresses and Social Security numbers. No patient medical information appears to have been accessed.
"At this point it is not possible to know for certain the actual period of time involved or how many patients may be affected," Holy Cross Hospital president and CEO Patrick A. Taylor, MD wrote in the notification letter [PDF]. "For this reason, we are taking the precaution of notifying by letter all of the patients whose demographic information was accessed by this person during the period of employment between November 2011 and August 2013."
All those affected are being offered one free year of credit monitoring services through Experian's ProtectMyID. Patients with questions are advised to contact (800) 357-0823.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"Please note that this appears to have been the improper, unauthorized and potentially criminal actions of an individual and does not involve an external compromise of the computer systems that the Hospital uses to protect patient information," Taylor added.