A limited number of employees at University of Cincinnati Health were targets in a phishing attack that may have exposed patients' protected health information, according to the HIPAA Journal.
Between July 6-12 an unauthorized party gained access to an unknown number of employee email accounts. UC Health has been unable to determine if the hacker viewed or copied any information stored on the email accounts.
Patient data found in the email accounts included names, dates of birth, medical record numbers and some clinical information.
UC Health is still identifying the number of patients that have been affected. The university plans to send out notification letters to affected patients in the coming weeks.
Since the breach, UC Health announced plans to adopt enhanced email security and will reeducate employees on phishing attacks and other malicious emails.