VCU Health employee inappropriately accesses 4.7K patients' EHRs

Julie Spitzer - Print  | 

Richmond-based Virginia Commonwealth University Health System is alerting 4,700 individuals to a potential compromise of their or their child's EHR data.

Hospital officials discovered a "unusual pattern of accessing electronic health information" May 9, according to a VCU Health press release. An investigation revealed an employee had accessed information about thousands of patients and the services they received at VCU Health without a legitimate reason to do so. The health system has since terminated the employee.

VCU Health said the employee accessed the data throughout his or her employment between Jan. 3, 2003 and May 10, 2018, but that the information was accessed without malicious intent. Hospital officials do not believe any data has been or will be misused.

Potentially compromised data includes patients' full names, home addresses, dates of birth, medical record numbers, health care providers, visit dates, health insurance information and other medical information. In some cases Social Security numbers were jeopardized.

As a precaution, VCU Health is providing affected individuals with one year of free credit monitoring and identity theft protection services.

More articles on cybersecurity:

Children's Mercy facing class-action lawsuit after data breach
Viewpoint: 2 reasons healthcare privacy advocates must look beyond HIPAA
Cass Regional Medical Center hit with ransomware, suffers EHR downtime: Updated

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.