UC Irvine Medical Center says it is notifying 4,859 patients that there has been a data breach involving their medical information.
A UC Irvine Medical Center employee rummaged through patient records without a work-related reason multiple times over a four-year period — from June 2011 to March 2015 — hospital officials said Thursday.
Officials say their investigation has not shown any evidence that the employee accessed or electronically distributed private information such as Social Security numbers, driver’s licenses or state ID numbers or credit or debit card numbers.
The investigation, however, has shown the worker may have looked at other personal information such as birth dates, gender, medical record numbers, height, weight, allergy information, home addresses, employment status, employers and health-related details.
Hospital officials are in the process of alerting the patients whose records were breached and are offering them a one-year of credit monitoring and identity theft protection from ID Experts at no charge to them.
Hospital officials responded to the breach by hiring computer forensic experts to analyze the unnamed employee’s computer records and found no evidence the worker removed any patient information.
Law enforcement authorities have been notified, prompting an ongoing criminal investigation. The worker’s access to medical center computers has been removed and unspecified discipline has been administered.
—Staff and wire reports