The Montefiore Medical Center Had Its Fourth Breach in 7 Months

  • NY-based clinic Montefiore is circulating yet another notice of a data breach to its patients.
  • This is again a case of an internal violation of patient data by one of the medical center's employees.
  • It is strange that an entity that strives so much for patient data safety is failing at it repeatedly.

Patients of the Montefiore Medical Center in New York have received the fourth notice of a data breach that affects them in just seven months. The culprit is reportedly an employee who abused his access to the clinic’s systems. The data accessed by that person includes patient names, medical record numbers, physical addresses, email addresses, dates of birth, and the last four digits of their social security numbers (SSNs). Credit card details and clinical details weren’t accessed.

The Montefiore Medical Center states that this happened in violation of its privacy policies and that all employees access only what they need for work-related reasons. Once the abuse was discovered, the employee was immediately suspended and will face the relevant legal consequences. The clinic discovered the violation thanks to the ‘FairWarning’ software deployed on its systems, which monitors the type of access that its employees engage in and alerts the administration about risky cases.

Although this sounds like a properly safeguarded system, this is the fourth breach notification that Montefiore has had to distribute to patients. Here’s a summary of all recent notices:

April 2021 notice – Inappropriate access by employee occurring between January 2020 and February 2021. No numbers of affected individuals were given.

January 2021 notice – Incident occurred between June 2020 and November 2020, involving the illegal access of data by an employee. 1,787 patients were impacted.

December 2020 notice – Employee accessed patient data and attempted to engage in insurance fraud. The incident affected 670 patients.

September 2020 notice – Employee stole 4,000 patient records between January 2018 and July 2020.

In all cases, Montefiore fired the employees and reported them to the authorities to launch a criminal investigation. However, we see rampant violations and repeated insider incidents even though the medical center uses monitoring tools and takes the matter seriously. Also, Montefiore’s announcement mentions that all employees go through criminal background checks before they are given access to the clinic’s systems.

If an entity with a strict code of conduct, monitoring systems in place, and detailed background checks suffers four data breaches from internal access violations, we can only imagine what happens with other medical service providers who follow more relaxed or even non-existent privacy protection and data security policies.

In conclusion, whatever clinic you may have visited in the past, and no matter what data protection procedures they claim to follow, be vigilant and treat all incoming communications with alertness. Abuse is always a probability - and given enough time, a certainty.


