4-year long HIPAA breach uncovered

Riverside Health System in Virginia is notifying close to 1,000 patients of a privacy breach that occurred from 2009 to 2013. A former employee accessed the social security numbers and electronic medical records of 919 patients. The breach was only discovered during a random company audit. The employee has been fired. The Department of Health and Human Services also settled with Adult & Pediatric Dermatology for $150,000 over a breach of HIPAA privacy, security, and breach notification rules.