Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

Employee Unauthorised Access to Medical Records in the US

What is Happening

A Cleveland-based healthcare system, MetroHealth, has disclosed an incident involving unauthorised access to medical records by an employee over a 15-year period. The breach, discovered in 2023, affected an undisclosed number of individuals. The accessed patient records contained names, birthdates, and clinical information, but no financial data such as Social Security numbers or banking information. MetroHealth has not found any evidence of misuse of the information thus far and is notifying affected individuals.

Perpetrator of the Incident

The unauthorised access to medical records was carried out by an employee of MetroHealth, whose job role and identity have not been disclosed in the provided information. The employee’s actions spanned multiple dates from 2008 to 2023, highlighting the insider threat that organisations often face in terms of privacy and security breaches. MetroHealth took immediate disciplinary action against the employee in accordance with its human resources policies.

Hacker’s Objectives

In this case, the objectives of the employee who accessed the medical records without authorization are not explicitly mentioned. However, the incident underscores the potential risks associated with insiders exploiting sensitive information, even if financial data was not accessed. Instances of insider breaches in the healthcare sector have previously involved the misuse or illegal sale of patient information. Snooping and unauthorized access to medical records can lead to criminal violations and breaches of privacy.


MetroHealth has stated that no evidence of information misuse has been found so far. However, the breach highlights the serious privacy and security concerns faced by affected individuals. MetroHealth is taking steps to strengthen privacy processes, procedures, and training to prevent similar incidents in the future. Victims of the breach may need to remain vigilant, monitor their personal information for any signs of misuse, and potentially take additional security measures to protect themselves from potential harm resulting from the unauthorized access to their medical records.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.

Update Required Flash plugin