Protected health information from Riverview Health, based in Noblesville, Ind., was compromised following a social engineering attack.
The hospital discovered on Aug. 23 that an employee's email account had been breached, allowing unauthorized access to certain electronic files. Security mechanisms detected the intrusion and cut off access within an hour, according to an Oct. 24 news release.
On Sept. 3, Riverview Health confirmed that the compromised files contained protected health information, including medical record numbers, admission dates, diagnoses, medical details, names, dates of birth, and sex. No Social Security numbers, financial data, or bank account information were exposed, the hospital stated.
All affected patients are being notified, according to Riverview Health.