An employee at Johns Hopkins Hospital in Baltimore may have intentionally leaked the personal information of more than 10,000 patients, according to Dark Reading.
A report filed to the administrator of the state of Maryland's identity theft program found that 31 individuals with connections to Johns Hopkins have reported identity thefts since 20th January.
Members of the Johns Hopkins security department found that a single employee who worked in patient registration may have used her access privileges to review data on more than 10,000 patients while working at the hospital. Johns Hopkins has emphasised that the breach was not a hacking incident, but that the employee had access to the records as part of her job.
The hospital is offering credit monitoring and fraud resolution services, as well as US$30,000 in identity theft reimbursements to the 31 victims. It has also notified the other 10,000 patients whose records were in the database.
It claimed that the patient registration database contains no medical records, but it does contain sensitive data, such as addresses and Social Security numbers. Johns Hopkins officials say they do not know if the database was the source of the identity thefts.
See original article on scmagazineuk.com
