Virginia hospital employee accesses records for four years, gets fired

Share this article:

An employee with Riverside Health System in Newport News, Virginia has been fired for inappropriately accessing the medical records of nearly 1,000 patients over the span of four years.

How many victims? 919. 

What type of personal information? Social Security numbers and summaries of patient history are among the information that appears in Riverside's electronic medical records.

What happened? Following a random company audit, it was discovered that a Riverside employee had been inappropriately accessing the information.

What was the response? The employee has been fired. Riverside is notifying all those impacted in the breach and is offering them free credit monitoring services. To expand its auditing capabilities, Riverside is partnering with a company that offers patient breach and monitoring software tools.

Details: The random company audit was performed on Nov. 1. Following an investigation, it was determined that the employee had been inappropriately accessing the information from September 2009 to October 2013.

Quote: “Riverside would like to apologize for this incident,” Peter Glagola, a Riverside spokesperson, said. “We are truly sorry this happened. We have a robust compliance program and ongoing monitoring in place, and that's how we were able to identify this breach. We are looking at ways to improve our monitoring program with more automatic flags to protect our patients.”

Source: riversideonline.com, “Medical Records Inappropriately Accessed by Team Member,” Dec. 29, 2013.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.

Cyberswim notifies customers that payment card data may be at risk

Malicious software installed on Sept. 24 may have compromised personal information for visitors that made purchases between May 12 and Aug. 28.