NEWPORT NEWS -- Riverside Health System reported Sunday that hundreds of medical records were "inappropriately accessed" by an employee over a four-year period.
Riverside's Compliance Department determined an employee had accessed 919 medical records, including patients' social security numbers, a summary of patients' history and other information that appears in Riverside's electronic medical record, between September 2009 and October 2013, according to a Riverside report.
Officials tell 13News Now the employee was a female LPN who worked at a doctor's office, which is part of the Riverside Medical Group. She had been an employee for 13 years but has been terminated.
The breach was discovered during a random company audit on Nov. 1.
Riverside said they are offering free credit monitoring to patients affected by the privacy breach.
The company said they are attempting to send notification letters to all patients and next of kin to those known to be deceased, but they don't have current contact information for 76 patients.
If you believe that you may be affected and do not receive a notification letter, Riverside asks that you call 1-877-753-6854 to speak with someone.
"Riverside would like to apologize for this incident," said company Spokesperson Peter Glagola. "We are truly sorry this happened. We have a robust compliance program and ongoing monitoring in place, and that's how we were able to identify this breach. We are looking at ways to improve our monitoring program with more automatic flags to protect our patients."