Medical Practice Employee Directs Accomplice to Steal Patient Data for a New Business

Personal details on hundreds of people who sought treatment at the Buffalo Heart Group were compromised by one of the practice’s doctors.

An unnamed third party was instructed by a physician, who at the time of the breach was working at the practice to "solicit patients in connection with the physician's new employment,” according to the medical group’s lawyers.

Hurwitz-Fine, Attorneys at Law, released the following statement:

"The Buffalo Heart Group, LLP, a local medical practice, uncovered a serious breach of its computer system that took place in the Spring, 2014 and affected between 500 and 600 of its patients.

"The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information (full name, date of birth, address, telephone number, e-superbills, appointment schedule) by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment.

During the last week of May 2015, Buffalo Heart Group began sending patient notification letters to affected individuals.