Lafayette (Ind.) Regional Rehabilitation Hospital began notifying 1,360 patients that their information may have been exposed in a phishing attack.
In November, Lafayette Regional Rehabilitation Hospital discovered that an employee's email account had been accessed by an unauthorized third party. Upon investigation, the hospital determined that the unauthorized user had access to the email account in July.
Patient data that may have been exposed included names, dates of birth, clinical information and treatment information. A limited number of Social Security numbers may have also been affected.
Lafayette Regional Rehabilitation Hospital said there is no evidence that patient information has been misused. The hospital is recommending patients review any statements they receive from healthcare providers.
"We deeply regret any concern or inconvenience this incident may cause our patients. To help prevent something like this from happening again, we are reinforcing education with our staff on email security and are working to enhance our email security tools," Lafayette Regional Rehabilitation Hospital said in a news release.