Memorial Hermann patients' personal data may have been compromised, hospital says

HOUSTON, Texas (KTRK) -- Memorial Hermann Health System is notifying patients of a recent data breach that may have compromised their personal data, including medical records and social security numbers.

In December 2020, Memorial Hermann said MedData, a revenue management service used by the hospital system that helps patients with things like Medicaid eligibility, workers' compensation and billing, had some of its data uploaded to a "public-facing website."

An investigation later revealed a former MedData employee had saved files to personal folders they created on the website sometime during or before September 2019.

Memorial Hermann said the files contained individuals' names along with one or more of the following information: physical address, date of birth, Social Security number, diagnosis, condition, claim information, date of service, subscriber ID (subscriber IDs may be Social Security numbers), medical procedure codes, provider name, and health insurance policy number.

It's unclear how many patients were affected.

MedData began contacting those patients who may have been impacted on Wednesday. The company has since implemented additional security controls and has blocked all file sharing websites.

It also updated internal data policies and procedures and even informed law enforcement.

If you're a Memorial Hermann patient and wish to know if you were impacted by this, call 1-833-903-3647.

You can also contact the Federal Trade Commission at 1-877-ID-THEFT (1-877-438-4338) or visit their website.