BA HIPAA Breach Warning for University of Pittsburgh Medical Center Patients

by | May 17, 2015

A Business Associate (BA) of the University of Pittsburgh Medical Center has issued a notification to  the healthcare center, and many other clients, of a HIPAA breach caused by a member of staff. The now former staff member is accused of having stolen the records of 2,259 patients.

Medical Management LLC – a medical billing company – was advised by federal law enforcement agencies that a member of staff at the company was thought to have stolen and disclosed confidential data and that the incident was being examined. The employee in question – who remain anonymous – was a worker in the company’s call center. That person has been accused of copying “personal information from the billing system” and disclosing the private information to a third party.

Patients affected by the breach of HIPAA are being sent breach notification letters from today to warn them that their personal information has been obtained and disclosed. They have been told that their names, dates of birth and Social Security numbers had been compromised. Breach notification letters will be received by all affected people in the next few days.

Not all UPMC patients have been affected by the breach, as the data stolen related to patients that had received treatment at UPMC emergency departments. Patients affected by the breach are being offered free credit monitoring services with Kroll Inc. for a period of a year wto help protect against identity theft, medical & insurance fraud.

UPMC’s vice president of privacy and information security, John Houston, outlined in a statement that attempts are being made to improve security to prevent future breaches of this nature happening again.

“We apologize for any anxiety or inconvenience that this incident may cause for our patients. We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

This is not the first time UPMC has had to react to a data breach. In late 2014 it was attacked by a hacker who managed to steal a database containing personal information of all 62,000 of UPMC’s employees.

Hackers infiltrated UPMC’s defenses in February, with the incident not being recognized until April. The investigation into the data breach showed that Social Security numbers, financial information, salary details, bank account numbers and other confidential information has been taken. In that privacy breach, at least 817 employees reported that their information had been used to carry out tax fraud.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy