Nampa, Idaho-based Saltzer Health, a physician group that joined Intermountain Healthcare in October, notified patients that some of their protected health information was compromised in an email breach that was detected on June 1.
The investigation revealed that an "unauthorized" individual had access to an employee's email account between May 25 and June 1, according to a Jan. 4 notice on Saltzer's website.
Saltzer conducted a review of the email account to determine which patients had been affected by the breach. Once the patients were identified, Saltzer conducted a manual review of internal records to verify patients' contact information so it could notify them about the breach, stated Saltzer's website.
Saltzer was unsuccessful in finding evidence about whether the attacker viewed or transferred emails to another computer from the account, and it is still unclear how many patients were affected. Affected information may have included names, contact information, driver's license numbers, medical information and, for some patients, Social Security numbers or financial information. Saltzer said it found no evidence that any information was used to commit identity theft or fraud.
The breach has been reported to HHS' Office for Civil Rights, Saltzer said on its website.