The five-hospital Riverside Health System in Newport News, Va. has announced it has discovered a security breach involving an employee who had inappropriately accessed 919 medical records spanning September 2009 through October 2013.
The breach was discovered during a random company audit on Nov. 1. After an investigation, Riverside's Compliance Department determined that the employee inappropriately accessed patient information over a four-year span, which included social security numbers, a summary of the patient history, and other information that appears in Riverside's electronic medical record (EMR).
The employee, who according to the Daily Press was a licensed practical nurse with Riverside Medical Group, has since been terminated, Riverside officials said in a statement.
Riverside is contacting the patients affected by this event, all of whom will be offered complementary three-bureau credit monitoring. The company has attempted to send notification letters to all patients and next of kin to those known to be deceased, but has been unable to locate current contact information for all affected patients.
