Norfolk, Va.-based Sentara Health investigated two remote workers hired to process lab requisitions after discovering they were operating outside the U.S. and may have misrepresented their identities.
Here are five things to know:
- The incident affects an undisclosed number of patients who received lab tests between January and April 10, according to a news release from the health system.
- Exposed information may include names, addresses, birthdates, patient ID numbers, medical record numbers, phone numbers, Social Security numbers, lab test orders, ordering providers and order dates.
- The issue came to light April 3 when a manager raised concerns to Sentara’s compliance department after noticing the individuals did not appear to match the identification photos submitted during the hiring process. The employees had been participating in virtual departmental meetings.
- Sentara’s privacy and cybersecurity teams launched an investigation, which concluded April 10. The probe found that while the individuals appeared to be performing their assigned duties, they were not located in the U.S., and Sentara could not confirm they were the same individuals officially hired.
- Sentara revoked system access for both individuals and began mailing notification letters to affected patients June 9. The system is offering complimentary credit monitoring and identity protection services.
