No indication of identity theft or fraud in Beacon Health data breach by employee

SOUTH BEND ― An employee for Beacon Health System was inappropriately accessing patient records over a period potentially extending over several years, according to the health system.

In a release posted on its site, Beacon said it became aware of the problem on Jan. 23, and then launched an "investigation to determine the full nature and scope of the employees’ activity to assess the volume of records that might have been involved."

Consumer advocate: Make sure online medical information is secure

The investigation determined that the individual had inappropriately accessed records that didn’t pertain to their job duties throughout the course of the individual’s employment from Nov. 19, 2018, to Feb. 24. It then began a comprehensive review of potentially accessed records to provide proper notification to individuals, according to the release.

Though there is no indication of identity theft or fraud resulting from the incident, the health system said it wanted its patients to know about the incident so they could take steps to protect their information, should they feel the need to do so.

When asked for additional details about the data breach, Beacon Health issued the following statement:

“We are committed to providing our patients with outstanding healthcare services and take our obligation to protect the privacy and confidentiality of our patients very seriously,” Heidi Prescott, a Beacon spokesperson, wrote.

“Upon learning of this event, we moved quickly to investigate and respond, assessing the security of our systems and identifying any impacted data. We have directly notified potentially impacted individuals, where address information exists, so that they may take further steps to help protect their information should they feel it is appropriate to do so.”

Breached data varied by individual

The employee performed duties related to registration, verification of benefits and assisted with patient placement within the hospital. Due to the nature of their job, access to some clinical documentation would periodically be necessary, according to Beacon.

The health system indicated that the accessible information varied per individual, but could include name, address, date of birth, Social Security number as well as clinical information and medical history.

More: HIPPA information from Health and Human Services

The hospital didn’t explain the intent of the employee. The breach involved records for 3,117 patients by the employees, according to the HIPAA Journal, which provides news, advice and updates on the Health Insurance Portability and Accountability Act.

Credit reports and fraud alerts

A spokesperson for the St. Joseph County prosecutor’s office had no additional information to provide. Though the Indiana attorney general does investigate data breaches, its “investigations are generally confidential until we file a lawsuit or a settlement,” Kelly Stevenson, press secretary, said via email.

Beacon said those with additional questions, can call an assistance line toll-free at 888-994-0277 or write to Beacon at 615 N. Michigan Street, South Bend, 46601.

In addition, Beacon pointed out that consumers can get a free annual credit report by visiting annualcreditreport.com or calling 877-322-8228. Consumers can also place a fraud alert on their credit files or initiate a freeze by contacting the three major credit reporting bureaus.

Email Tribune staff writer Ed Semmler at esemmler@sbtinfo.com.

This article originally appeared on South Bend Tribune: Data breach at Beacon Health could include Social Security medical info