Large Hospital Breach Caused by Inside Inappropriate Access

Bon Secours Mary Immaculate Hospital in Suffolk, Va., is notifying about 5,000 patients after discovering a significant amount of inappropriate access to patients’ electronic health records from two employees inside the facility.

“During an April 2013 audit of a patient’s medical record, the health system identified suspicious access that prompted an investigation,” according to a notice the hospital issued. “The investigation revealed that two members of the patient care team accessed patients’ medical records in a manner that was inconsistent with their job functions and hospital procedures, and inconsistent with the training they received regarding appropriate access of patient medical records.”

The local newspaper Daily Press reports the employees were two certified nurse assistants who have been terminated, and that the breaches occurred between April 2012 and April 2013. The hospital started using the EHR in April 2012 and the breach was the first instance of a reportable security issue, a hospital official told the newspaper.

Local and federal law enforcement agencies are investigating the breach to determine if patient information was used illegally. Compromised information includes patient names, dates and times of service, provider and facility names, internal hospital medical records and account numbers that may have included Social Security numbers, dates of birth and treatment information.

The hospital is offering paid identity theft protection services to affected patients.

For reprint and licensing requests for this article, click here.