Hackers accessed the emails of two pediatric health system employees, exposing patient data.
Minneapolis-based Children's Minnesota said in May that it identified suspicious email activity in March and determined that an unauthorized party had breached the two email accounts between Feb. 29 and March 25. The health system reported to HHS that 7,260 individuals were affected.
The breached data related to some patients in the surgical services department and may have included names, dates of birth, insurance carriers, provider names, treatment cost data, medical record numbers, diagnostic codes, and procedure information.
The health system said it has since been "providing continued privacy and cybersecurity training to our staff and identifying additional safeguards that can be implemented to enhance the security of our email environment."