Advocate Aurora Health reported an email phishing incident at the Aurora Medical Center-Bay Area in Marinette, Wis., earlier this year.
The health system learned about the incident on Jan. 9 and launched an internal investigation. The investigation found that while intruders did not have access to the hospital's EHR, they did have access to employee emails that may have contained information about patients.
In connection with this incident, the health system reported an unauthorized person accessed the health system's human resources system and notified employees of the breach in February. However, further investigation revealed that the hacker also accessed employee emails, which the health system reported on April 17. There were potentially 27,137 individuals affected.
The health system reset email passwords for all employees at the hospital and has made "other technical system enhancements" such as implementing email filtering software to help employees identify phishing emails better in the future.
Advocate Aurora reported it is not aware of any improper use of patient information.