Mishawaka-based Franciscan Health is providing details of a data breach. The health system says an internal investigation found one of its employees accessed the protected health information of about 2,200 patients "without a business reason."
Franciscan says the vast majority of the affected medical records was limited to demographic information such as name, address, email address, date of birth, phone number, gender, race/ethnicity, the last four digits of Social Security numbers, and medical record numbers. Other records that were accessed include clinical data such as lab results, medications, driver’s license numbers, emergency contact information and insurance claims information.
In a small number of cases, the patients’ entire Social Security numbers were accessed.
However, the health system says there is no evidence that the employee downloaded, discarded or transmitted any of the accessed information. The employee is no longer employed by Franciscan Health and a spokesperson tells our partners at The Times of Northwest Indiana that law enforcement has been notified.
"We value patient privacy and deeply regret that this incident occurred," Patrick Maloney, president and CEO of Franciscan Health Hammond, Dyer and Munster, said in a news release. "We are grateful that our robust auditing process identified this privacy incident, and we continue to look for ways to provide strong privacy protections to our patients."
Franciscan Health has notified the impacted individuals by mail. Those people will also receive two years of identity theft protection at no cost and are being encouraged to monitor their financial accounts, credit history and Explanation of Benefits statements as extra precautions.