SSM Health Data Breach Exposes 29K Patient Records

A statement from SSM Health says a former customer service employee specifically targeted records of patients with controlled substance prescriptions.

SSM Health is a non-profit organization which operates 20 hospitals and 63 outpatient facilities in the Midwest.

A Midwestern healthcare system has informed 29,000 patients of a data breach after a former call center employee improperly accessed medical records.

SSM Health released a statement last week indicating a customer service employee inappropriately accessed protected health information, including demographics and clinical information. The former employee did not have access to financial information, according to the statement.

The employee accessed the patient records between February 13 and October 20. SSM Health learned of the breach on October 30 and launched an internal investigation, reports STL Public Radio.

The investigation determined the ex-employee’s “illegal activities” specifically focused on the records of patients with controlled substance prescriptions and a primary care physician in the St. Louis area.

While the subset of patients was relatively small, SSM Health says it is not possible to determine the full scope of the breach, which is why all patients whose records were accessible to the former employee were notified. In many cases, says the healthcare system, access to the records would have been for legitimate work purposes.

SSM officials are working with the Office for Civil Rights and local law enforcement to better understand the breach and to make necessary changes to protect patient records.

SSM now requires an additional identifier when a patient requests a prescription refill and says it is working to strengthen employee access monitoring tools.

“We take very seriously our role of safeguarding our patients’ personal information, and we deeply regret any inconvenience or concern this situation may have caused our patients,” says Scott Didion, a privacy officer with SSM Health.

Identity theft protection is also being provided to affected patients at no charge upon request.

SSM is instructing any patient who did not receive a notification but believes their records may have been accessed to call 1-888-710-9205 for more information.

SSM Health is a non-profit organization which operates 20 hospitals and 63 outpatient facilities in Wisconsin, Oklahoma, Illinois and Missouri. The healthcare provider employs 1,600 physicians and 33,000 other individuals.

About the Author


Amy is Campus Safety’s Executive Editor. Prior to joining the editorial team in 2017, she worked in both events and digital marketing.

Amy has many close relatives and friends who are teachers, motivating her to learn and share as much as she can about campus security. She has a minor in education and has worked with children in several capacities, further deepening her passion for keeping students safe.
