Indiana University Health, based in Indianapolis, reported a security incident involving a team member's email account that may have exposed limited patient information, including a small number of Social Security numbers.
The breach was identified Nov. 8 after unusual activity was detected on the team member's account. IU Health, according to a Jan. 7 news release, immediately launched an investigation and engaged an external forensics firm to confirm the security of its systems and determine the scope of the compromise.
The investigation revealed an unauthorized party accessed the email account between Aug. 27 and Oct. 2. Potentially affected information varied by individual but may have included addresses, ages, medical record numbers, diagnoses or other limited treatment details.
For individuals whose Social Security numbers were affected, IU Health said it is offering 12 months of complimentary credit monitoring services.
Notifications to affected individuals began Jan. 2, and a dedicated call center has been established to address concerns, according to the release.