Security breach: Mailing machine wreaks billing havoc at New York hospital

Think data breaches involve only human misuse or errors? Think again. Out of 2,500 patient bills that Strong Memorial Hospital in Rochester, N.Y., mailed out on April 19, roughly half went to the wrong patients due to a malfunctioning automated billing machine, reports The Democrat and Chronicle.

The billing machine, which folds bills and puts them in envelopes, picked up several billing statements at once instead of individually. As a result some patients received their own bills as well as bills for at least one additional patient. Strong Memorial didn't learn of the problem until patients started calling the hospital about the extra bills.

The hospital sent letters of apology alerting patients to be on the look-out for potential misuse of their personal health information. The hospital notes that most bills don't contain the Social Security number, date of birth, diagnoses or charge details, as well as pointing out that it requires patients to provide photo identification to receive services. However, John Sileo, a Colorado-based identity-theft consultant, tells The Democrat and Chronicle that Strong Memorial's billing statements offer more than enough information for "anyone somewhat versed with fraud" to take advantage of.

To guard against a repeat performance of this snafu, the hospital has added a counter to the billing machine that ensures the number of statements equals the number of envelopes. In addition, hospital staff conducts spot checks per several hundred envelopes.

To learn more:
- read this article from The Democrat and Chronicle
- review this report from WHEC-TV