Providence Health & Services in Oregon is notifying about 5,400 current and former patients that a former employee may have improperly accessed their patient records.
Providence said in a statement Friday that it learned of the breach in May during an internal audit and had since fired the Portland-based employee.
The audit found the worker had accessed health records between July 2012 and April 2016. It says the worker viewed demographic and medical treatment information, and may also have seen insurance information and Social Security numbers.
The health care provider, however, says it does not believe the worker used or disclosed the information beyond seeing it.
Providence apologized for the breach, says it's taking steps to make sure it doesn't happen again and is offering those affected 24 months of credit monitoring.