Omaha, Neb.-based Boys Town National Research Hospital is notifying 105,309 patients and staff after hospital officials discovered unusual activity on an employee's email account in May.
The hospital immediately engaged law enforcement to launch an investigation into the incident, and determined the unauthorized individual only accessed the employee's email account on one day, May 23.
Boys Town has not received any reports the information has been misused, but it is offering affected individuals 12 months of identity protection services at no cost.
Patients' and employees' names, dates of birth, Social Security numbers, diagnosis or treatment information, Medicare or Medicaid identification numbers, medical record numbers, billing/claims information, health insurance information, disability codes, birth or marriage certificate information, employer identification numbers, driver's license numbers, passport information, banking or financial account numbers, and usernames and passwords were potentially compromised in the incident.
"Boys Town takes this incident and the security of personal information seriously," the hospital's notification statement reads. "Upon learning of this incident, Boys Town moved quickly to confirm whether personal information may have been affected by this incident, to identify the individuals related to this personal information, to put in place resources to assist them, and to provide them with notice of this incident."