The University of California, Irvine Medical Center says an employee improperly viewed medical information for nearly 5,000 patients.
Spokesman John Murray says Thursday that the records were accessed through the hospital's computer system between 2011 and March.
The information included patient names, addresses and physical details; medical record numbers and health information such as diagnoses, medications and test results.
Murray says it doesn't appear the employee saw Social Security or credit card information. He also says the worker apparently didn't remove or share any information.
However, the hospital is offering patients a year of free credit card monitoring and identity theft protection.
Murray says the employee was disciplined and police are investigating.