Hide caption WORCESTER — UMass Memorial Medical Center Inc. and UMass Memorial Medical Group Inc. will pay $230,000 to the state after two former employees for personal fraudulent purposes exposed the personal and health information of more than 15,000 state residents, Attorney General Maura Healey announced Thursday.
The two former employees in separate breaches over several years accessed patients’ information — including names, addresses, genders, dates of birth, phone numbers, Social Security numbers, clinical information and health insurance information — for fraudulent purposes, such as opening cellphone and credit card accounts, Internet accounts and utility service accounts, the AG announced in a news release.
The two UMass Memorial entities were told about the employees’ misconduct, but failed to properly investigate complaints, the AG’s office maintains in its complaint, filed last week along with a consent judgment in Suffolk Superior Court.
One of the former employees, Katherine Benitez of Webster, was hired in 2002, as a patient care associate and later as a unit secretary giving her access to paper and electronic medical records of patients. According to the AG’s complaint, while the woman’s initial employment letter stated the offer was subject to a CORI check, UMass Medical Center never conducted this check.