Health system uncovers inside data breach
Riverside Health System in Newport News, VA, has fired an employee and is offering free credit monitoring to several hundred patients affected by a privacy breach that involved records covering four years.
The breach was discovered during a random company audit, according to a statement by company spokesperson Peter Glagola. After an investigation, Riverside’s Compliance Department determined that an employee had inappropriately accessed 919 medical records spanning September 2009 through October 2013. The information accessed included patients’ social security numbers, a summary of the patient history, and other information that appears in Riverside’s electronic medical record.
The employee was fired, and Riverside is contacting the patients affected by the breach. All will be offered complementary three-bureau credit monitoring. The company has attempted to send notification letters to all patients and next of kin to those known to be deceased, but it has been unable to locate current contact information for all affected patients.