Indiana-based Methodist Hospitals is currently notifying 68,039 patients that their protected health information may have been exposed in a data breach. The patient data that was potentially compromised includes the following:
- Names
- Addresses
- Health insurance information
- Group identification numbers
- Social Security numbers
- Financial account numbers
- Payment care information
- Medical record numbers and treatment information
In June, the health systems saw unusual activity in an employee’s email account prompting investigation. Methodist Hospitals determined that two employees fell victim to a phishing attack. Collectively, the unauthorized third-party had access to the email accounts between March 13 and July 8. Methodist Hospitals said there is no evidence that any patient information has been misused.