Virginia's Riverside Health System recently announced that 919 of its patients' medical records, including their Social Security numbers and medical history, had been inappropriately accessed by a former employee from September 2009 to October 2013 (h/t PHIprivacy.net).

The breach was discovered during a random company audit on November 1, 2013.

All those affected are being offered free access to credit monitoring services. Riverside Health has been unable to locate current contact information for all affected patients, though, and is asking anyone who thinks they may be affected but hasn't received a notification letter to contact (877) 753-6854.

"We are truly sorry this happened," Riverside Health spokesperson Peter Glagola said in a statement. "We have a robust compliance program and ongoing monitoring in place, and that's how we were able to identify this breach. We are looking at ways to improve our monitoring program with more automatic flags to protect our patients."

It's not clear, though, why it took that "robust compliance program and ongoing monitoring" more than four years to detect a breach that began back in 2009.
