Topics
Reimbursement
Senators urge action on physician payment cut before end of lame duck session
Senators urge action on physician payment cut
Revenue Cycle Management
Trends 2025: The demand for interim revenue cycle executives
Trends 2025: The demand for interim revenue cycle executives
Strategic Planning
CVS announces layoffs due to loss of Kansas Medicaid contract
CVS announces layoffs due to loss of Kansas Medicaid contract
Capital Finance
Cigna nixes speculation of a Humana merger
Cigna nixes speculation of a Humana merger
Supply Chain
Feds shore up healthcare supply chain in wake of hurricanes Helene and Milton
Feds shore up supply chain in wake of hurricanes
Accounting & Financial Management
Walgreens posts $265 million net loss in Q1
Walgreens posts $265 million net loss in Q1
Budgeting
Health system operating margins declined in August
Health system operating margins declined in August
Quality and Safety
Senate report slams private equity's ownership of hospitals
Senate report slams private equity's ownership of hospitals
Billing and Collections
CFPB warns of illegal tactics by medical debt collectors
CFPB warns of illegal tactics by medical debt collectors
Claims Processing
Denials top reason for eroding provider-payer relationship
Denials top reason for eroding provider-payer relationship
Workforce
Male physicians have more net worth than female counterparts
Male physicians have more net worth than females
Operations
Healthcare execs more optimistic heading into the new year, survey finds
Health execs more optimistic heading into 2025
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Hospitals, physicians submit opposing views to FTC ruling on noncompetes
Hospitals, physicians submit opposing views to FTC ruling
Construction & Facilities Management
Cincinnati Children's undergoing $365 million expansion
Cincinnati Children's undergoing $365M expansion
Compliance & Legal
Mayo Clinic sues Sanford Health Plan over unpaid medical bill
Mayo Clinic sues Sanford Health Plan over unpaid medical bill
Policy and Legislation
CFPB to remove medical debt from credit reports
CFPB to remove medical debt from credit reports
Community Benefit
AMA pushes for stricter standards for hospital charity care policies
AMA pushes for stricter standards for hospital charity care policies
Accountable Care
NAACOS pushes ACO REACH extension after $1.54B in savings
NAACOS pushes ACO REACH extension
Acute Care
SDOH, tech key to advancing value-based care, says UHG
SDOH, tech key to advancing value-based care
Ambulatory Care
Cleveland Clinic and Amazon One Medical collaborate on primary care clinics
Cleveland Clinic and Amazon One Medical collaborate
Analytics
Richmond University Medical Center data breach affects 674,000
Richmond University Medical Center data breach affects 674K
Business Intelligence
Blue Shield of California appoints first female CEO
Blue Shield of California appoints first female CEO
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
Financial disincentives for providers who commit information blocking 
Financial disincentives for providers who commit information blocking 
Medicare & Medicaid
Record-setting enrollment for Affordable Care Act coverage
Record-setting enrollment for ACA coverage
Patient Engagement
HHS, Illinois reach agreement on disability rights laws
HHS, Illinois reach agreement on disability rights
Pharmacy
CVS unveils new prescription drug reimbursement model
CVS unveils new drug reimbursement model
Population Health
Weight loss drugs can save patients and healthcare dollars
Weight loss drugs can save patients and healthcare dollars
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Trends 2025: Telehealth's future faces a Friday deadline
Trends 2025: Telehealth's future faces a Friday deadline
Mergers & Acquisitions
Transcarent to acquire Accolade for $621 million
Transcarent to acquire Accolade for $621M
View more
Jan 05, 2018 More on Risk Management

SSM Health data breach compromised 29,000 patients after unlawful intrusion by employee

Investigation indicated employee targeted patients with prescriptions for controlled substances, local primary care doctor, system says.

Beth Jones Sanborn, Managing Editor

SSM Health has revealed a data breach that compromised the protected health information of 29,000 patients. The system said they learned of the breach on October 30, after discovering recently that a former employee inappropriately accessed medical records while working in the customer service call center.

The breach occurred between Feb. 13 and Oct. 20, 2017, and included demographic and various types of clinical information. The individual did not have access to any financial information, including credit or debit card numbers, SSM said.

[Also: Landmark $115 million settlement reached in Anthem data breach suit, consumers could feel sting]

After launching an internal investigation, SSM concluded that although the former employee accessed patient information from multiple states, it appeared his goal was to gain access to the medical records of a few particular patients who had a controlled substance prescription and a primary care physician within the St. Louis area.

"Out of an abundance of caution, SSM Health is notifying all 29,000 patients whose records were accessed by this individual, even if the access may have been for legitimate job functions. SSM Health has also reported the incident to the Office for Civil Rights and local law enforcement," the system said.

SSM has also undertaken corrective actions that include the new requirement of an additional identifier when patients request prescription refills from the call center, an in-depth review of internal policies and procedures, and strengthening employee access monitoring tools.

SSM will also provide identity theft protection at no cost to affected patients when requested. 

Data breaches seemed to reach a fever pitch in 2017, with many experts designating healthcare as the most attacked industry by cybercriminals. Moreover, experts also forecasted that the problem would get worse in 2018, now that hackers are fully aware of the value of healthcare information. Despite the circumstances in this case pointing to a more locally purposed invasion, were the perpetrator so inclined, there are plenty of predators out there who would be happy to get their hands on 29,000 sets of protected health information. Healthcare providers must take care to ensure that their system is capable of monitoring suspicious activity, and that there are sufficient safeguards in place to avoid abuse of that information.

Twitter: @BethJSanborn
Email the writer: beth.sanborn@himssmedia.com

News
Healthcare organizations ask HHS to delay quality measure reporting for ACOs Healthcare organizations ask HHS to delay quality measure reporting for ACOs The American Hospital Association and American Medical Association are among the 11 organizations signing the letter.