Another week, another EMR breach. This time, though, the apparent culprit is not a professional identity thief or a careless employee walking off with a laptop or USB drive, but a disgruntled former employee who also happens to be a physician.

A radiologist fired in February from a medical group that contracts with Griffin Hospital in Derby, Conn., reportedly hacked into the 160-bed hospital's PACS for a month following his termination. Using passwords belonging to other employees--and who had not given the physician permission to use their logins--this radiologist scanned through PACS records of 957 patients and downloaded image files from 339 of the patients, the hospital says. The downloaded files contained numerous patient identifiers, but not Social Security number or financial data, radiology news site AuntMinnie.com reports.

"This breach appears to have been a deliberate intrusion into Griffin's [PACS] system to view patient radiology reports," hospital President Patrick Charmel says in written statement.

The unnamed radiologist lost his hospital privileges Feb. 3, but continued to access the PACS from Feb. 4 until March 5, according to the hospital. Griffin officials grew suspicious Feb. 26, after patients complained that they had received unsolicited calls from the physician for radiology services at a competing hospital. Griffin Hospital publicly announced the security breach last week and has notified Connecticut Attorney General Richard Blumenthal.

To learn more:
- check out this AuntMinnie.com story (reg. req.)
- read this summary from Health Imaging & IT

Related Articles:
SPOTLIGHT: Health Net data breach brings first state HIPAA enforcement
New HIPAA rules shine light on remote access controls