Sentara Health, a nonprofit healthcare provider serving Virginia, Northeastern North Carolina, and Florida, has notified 1,620 patients about a potential insider breach involving their electronic medical records.Sentara Health’s Lab Services department hired an individual in December 2024 to process lab requisitions — orders from providers that explain the lab tests that need to be run for patients. The employee was a remote worker, and following a January 2025 virtual meeting with his manager, the manager raised concerns with the privacy team that the individual with whom the manager had been interacting may not have been the person who was initially hired for the position.The employee’s access to Sentara’s systems was immediately terminated pending an investigation, and Sentara later determined that the employee’s activity was consistent with a job-sharing scam. These scams involve an individual obtaining employment at multiple locations and farming out the work to other individuals in exchange for a percentage of the pay. On or around January 28, 2025, Sentara completed its review and confirmed that the record access involving the employee’s login credentials was consistent with the assigned work duties; however, it was not possible to confirm that the hired individual completed those duties. Other individuals who were not authorized to share the job duties may have accessed patient data on behalf of the hired employee.The potential unauthorized access involved patients who received lab tests between January 14 and January 23, 2025, and the types of information viewed may have included names, addresses, dates of birth, patient identification numbers, medical record numbers, telephone numbers, Social Security numbers, test order dates, test completion dates, and the name of the provider who ordered the tests.Notification letters were mailed to the affected individuals on March 28, 2025, and as a precaution, complimentary credit monitoring and identity theft protection services have been offered. Sentara Health is in the process of evaluating additional platforms for staff education, and technical security controls are being reviewed.The post [Sentara Health Identifies Job Sharing Scam and Potential Unauthorized EMR Access](https://www.hipaajournal.com/sentara-health-job-sharing-scam-unauthorized-emr-access/) appeared first on [The HIPAA Journal](https://www.hipaajournal.com).
Related Tags:
NAICS: 62 – Health Care And Social Assistance
NAICS: 622 – Hospitals
NAICS: 92 – Public Administration
Blog: Hipaa Journal
Associated Indicators: