Ambucor Health Solutions, a Main Line HealthCare vendor that provides remote cardiac monitoring, has been a recent victim of a patient information breach. This breach involved Ambucor patients in other parts of the United States as well as nearly 4,500 Main Line HealthCare patients who were under Ambucor’s monitoring care. Ambucor has been working to investigate and take appropriate action.
Ambucor learned that a former employee—while employed at Ambucor—downloaded onto thumb drives information from Ambucor’s files, including data about Main Line HealthCare patients, and retained the thumb drives after his employment was terminated. The former employee is under investigation by federal law enforcement authorities on unrelated charges. Ambucor has been cooperating with federal law enforcement in that ongoing investigation. As a result, Ambucor recently received the thumb drives from federal authorities who had obtained them from the former employee. The former employee currently is incarcerated.
The downloaded information did not include social security numbers, credit or debit card numbers, medical insurance or Medicare/Medicaid numbers, or other financial information. However, it did include patient names, phone numbers, diagnoses, medications, date of birth, race, home address, testing data, test results, patient identification numbers, medical device information, Ambucor enrollment number, Ambucor enrollment date, Ambucor technician name, physician name(s), and the name and address of the practice where patients were seen.
“Across Main Line Health, the privacy and safety of our patients and staff is our chief priority,” says Pat LePore, chief compliance officer at Main Line Health. “While Main Line Health was not directly involved in this breach of patient information, we do sincerely apologize to those patients who were affected. As one of our vendors, Ambucor is held to the same privacy and confidentiality standards required of our employees, physicians and providers. We are in ongoing discussions with Ambucor to assure that they are mitigating and revisiting internal processes to ensure a similar situation does not happen in the future.”
At this time, Ambucor has received no information that any personal patient information has been misused. As a precaution, Ambucor is offering one year of identity protection services to all affected patients. The services include access to an Identity Restoration team and up to $1 million of identity theft insurance for covered expenses.
Patients who were affected will receive a letter mailed directly to their home during the week of November 14, 2016. The Individuals who believe they may have been affected should call Ambucor’s dedicated call center at 866.313.7993.
About Ambucor Health Solutions
Ambucor Health Solutions provides contracted ambulatory ECG and remote CIED device monitoring services for cardiologists and hospitals. Ambucor is based in Wilmington, Del.