The Roanoke Times reports that a former employee of Parallon Business Solutions, a billing service used by Virginia's LewisGale Regional Health System, is being investigated for inappropriately accessing about 40 LewisGale patients' personal information (h/t Washington Post).
The former employee, who was fired after the breach was discovered, was provided with access to patient health information during the course of his or her job, and used that access to view the affected patients' names, Social Security numbers, home addresses and health insurance information between August 2012 and April 2013.
WDBJ reports that the former employee used the data to fraudulently obtain credit, open accounts, and lease an apartment.
While no charges have been filed in the case at this point, LewisGale said in a statement that "we support this person's prosecution to the fullest extent of the law."
All affected patients are being offered free access to credit monitoring services.