WILKES-BARRE, LUZERNE COUNTY (WBRE/WYOU-TV) — A local hospital is dealing with an alleged information breach affecting hundreds and hundreds of patients. The person behind it, they say, is one of their own workers.
Hundreds of patients of Geisinger Wyoming Valley Medical Center have been notified by the health care provider that their protected information may have been accessed by an employee in a non-permitted way.
The alleged information breach happened at Geisinger Wyoming Valley from July 2017 through this past March. According to a Geisinger news release, while the employee in question was authorized to access patient medical records, the individual checked out personal information of more than 800 patients when there was no business need.
Geisinger says the accused worker is no longer employed at the hospital and that it has contacted all of the affected patients in question.
“I would be so mad,” Loretta Van Orden, a patient at Geisinger Wyoming Valley told Eyewitness News. “Well, I would like to say another word but I can’t on camera.”
Loretta and Freddie Van Orden were informed about the data breach. Although the Van Ordens have been patients there, they’re not among the victims.
“We have to look at somebody that’s in charge,” Freddie said. “There has to be a, you know, they can’t pass the buck and push it downhill. I would find out who’s in charge.”
Geisinger’s Privacy Office was alerted about a Geisinger Wyoming Valley employee that was possibly accessing medical records without necessity back in March. The office confirmed that the employee accessed the records of over 800 patients between July 2017 and March 2020.
“You don’t know who to blame on that,” Freddie said. There has to be somebody overlooking the situation.”
According to the medical center, an investigation into the incident did not reveal malicious intent. However, the employee may have viewed patients’ names, dates of birth, social security numbers and contact information as well as medical conditions, diagnoses, medications, and other medical data.
“Geisinger is committed to protecting the privacy of our patients and members so we are actively exploring additional safeguards to protect our patients from a similar incident in the future,” Geisinger Assistant Privacy Officer Deb Beaver said in a press release. “We have no reason to believe the information was accessed to commit financial fraud or harm; however, out of an abundance of caution we are providing affected patients one year of identity theft protection free of charge.”
Geisinger officials say the person no longer works for the healthcare system. While they don’t believe the data is being used illegally, credit monitoring and identity theft protection enrollment instructions were provided to affected patients in their notification letters.
An Eyewitness News request for an on camera interview from Geisinger was denied. According to the news release, Geisinger says it sent notification letters to all of the more than 800 affected patients and offered them detailed credit monitoring and identity theft protection enrollment instructions.