Data breach at MetroHealth affected some patient records | #malware | #ransomware | #education | #technology | #infosec

CLEVELAND, Ohio — Some MetroHealth System patients are being notified of a privacy breach affecting patient records.

About 1,700 patients were affected, MetroHealth said in a recent statement. Letters to patients were mailed earlier this week.

On Nov. 13, 2021, during an upgrade to the health system’s electronic medical record system, a limited number of patients’ records were unintentionally affected, MetroHealth said. When some patient records were released, data pertaining to different patients also appeared in those records.

Patient names, appointment dates and care provider names were the only information that was released. No personal, financial or other health-related information was shared, MetroHealth said. The health system’s medical record partner informed it of the breach on Feb. 10.

Patients with questions can call 855-482-1315, 9 a.m. and 6:30 p.m., Monday through Friday, excluding some holidays.

In 2021, a ransomware attack put personal medical information from patients at MetroHealth Medical Center and several other local pharmacies at risk. And in 2020, The MetroHealth Foundation was affected by a ransomware attack, but the foundation told donors it did not keep financial or other sensitive information in the affected server.

MetroHealth saw more than 1.4 million patient visits in 2020, according to its annual report.