ROCHESTER, Minn. — Mayo Clinic is notifying more than 1,600 patients that their health records were illicitly accessed by an employee, who has since been fired.
The breach was confirmed on Aug. 5. While the files in question included names, dates of birth, medical notes and other personal information, no Social Security numbers or bank accounts were accessed.
“Access was limited in duration, and Mayo has no evidence that any data was printed or retained by the former employee,” according to the clinic’s announcement. “Social Security numbers, payment card information, or bank account numbers were not accessed. Therefore, affected patients do not need to take any actions in response to this incident.”
Each patient whose information was accessed will be directly contacted by Mayo Clinic. The files accessed included 1,131 Minnesota patients.
The employee who accessed the records was “a licensed health care worker,” although Mayo Clinic is not identifying the person.
While the breach was confirmed in August, it’s unclear when the employee actually accessed the documents.
"Mayo Clinic is strongly committed to protecting the privacy of our patients, and we sincerely regret that this incident occurred,” according to the clinic’s statement. “Mayo takes this matter very seriously and as a result of this investigation is reviewing its policies and procedures. Mayo will provide appropriate training and education regarding any changes to our staff.”