Crown Point, Ind.-based Franciscan Health sent letters to 2,200 patients that an employee had viewed their records "without a business reason," according to nwi.com.
Franciscan Health became aware of the incident after a privacy audit. The health system confirmed the data breach on May 24 following an internal investigation. The employee who accessed patients' data has also been fired, a spokesperson for Franciscan Health said.
Patient data accessed included names, addresses, email addresses, dates of birth, phone numbers, gender, race/ethnicity, last four digits of Social Security numbers and medical record numbers. Additionally, the employee had access to patients' physician information, medical conditions, lab results, medications, driver's license numbers and insurance claims.
Franciscan Health is offering affected patients two years of identity theft protection. Patients have been recommended to monitor their financial accounts, credit history and explanation of benefits statements.
There has been no evidence that the information viewed has been misused.
More articles about cybersecurity:
UMass Memorial Health Care alerts 4,600 patients of phishing attack
Cybersecurity issue and trends on the horizon: 3 Qs with Edward Elmhurst Healthcare CISO Don Fosen
Don’t overlook cybersecurity training — Why Lake Chelan Community Hospital CIO created his own cyber program