(NECN: Josh Brogadir, Worcester, Mass.) - More than 2,000 patients at the University of Massachusetts Memorial Medical Center are being warned that their personal information may have been compromised.
A data expert said this could impact hundreds - if not thousands - of patients' confidential information.
At UMass Memorial Medical Center in Worcester, it was business as usual on a day in which the hospital announced what happened with confidential patient records inside was anything but ordinary.
There was an internal data breach, with its scope uncertain.
The hospital says a now former employee accessed 2,400 patient records, including social security numbers and dates of birth, and may have opened credit cards or cell phones in their names.
They believe that happened to up to four people.
Officials are not aware of any misuse of medical information.
The employee worked at the hospital from May 2002 to March 2014. What position he or she held has not been disclosed.
John Moynihan is a data security expert with Minuteman Governance.
"The Massachusetts Data Protection law calls for a fine of $5,000 per record accessed if the accesses were unauthorized. So, if you're talking a 12 year period, where this employee had unfettered access to databases, you're talking about the potential of hundreds of billions of dollars in fines," Moynihan said.
Moynihan added that this is the kind of information that can obviously be sold to third parties leading to identity theft.
"If you were a patient for the last 12 years, state and federal law allows you to have a free credit report per calendar year for all the major credit reporting agencies. You should definitely get a credit report if you were (a patient) during that period. I'm a patient there and I'm going to get one that's for sure," Moynihan added.
We reached out to both the Worcester County Distict Attorney's Office and Worcester Police to see if this man or woman has been charged with a crime. The Worcester D.A. had no information for us, and NECN never heard back from Worcester Police.
Patients seen between May 6, 2002 and March 4, 2014 who believe their information may have been misused are asked to call 877-218-3036 from 9 a.m. to 7 p.m. on business days and provide the reference number 4476042814.
For up-to-the-minute news and weather, be sure to follow us on Twitter and like us on Facebook.