Bend, Ore.-based St. Charles Health System fired an employee who accessed almost 2,500 patient records without authorization, according to the Bend Bulletin.
St. Charles notified affected patients of the breach on March 16. The health system launched an investigation into the privacy violation on Jan. 16, finding the employee accessed up to 2,459 patient files containing names, addresses, dates of birth, health insurance information, driver's license numbers and health information between Oct. 8, 2014 and Jan. 16, 2017.
While St. Charles declined to name the employee and her title, officials confirmed she was a clinical care provider, according to the Bend Bulletin. She has since signed an affidavit stating she did not use or share any of the confidential patient information for the purpose of committing fraud or other crimes against the patients. She also said she viewed the files due to "curiosity," according to St. Charles.
"St. Charles has terminated the employment of the caregiver and implemented additional security measures to reduce the likelihood of a similar incident from happening in the future," the hospital wrote in a letter to affected patients, according to the Bend Bulletin.
St. Charles is updating its securing software and offering credit monitoring and identity restoration services to affected patients. The health system also established a confidential call center to answer patients' questions about the breach incident.
A St. Charles spokesperson declined to offer additional comment to Becker's Hospital Review.