Blue Earth, Minn.-based United Hospital District is notifying 2,143 patients about a June 2018 phishing scheme.
A hospital employee's email account was compromised in a phishing attack June 10-27, 2018. After an investigation, the hospital determined Dec. 12 that the email account had contained patient information, including:
• Names
• Addresses
• Health insurance information
• Internal patient identifiers
The email account also contained a limited number of patients' medical treatment information, medical diagnostic information and Social Security numbers.
While the hospital is unaware of any reported cases of identity fraud or improper use of information as a result of the incident, United Health District is offering free credit monitoring and identity theft services to patients whose Social Security numbers were contained in the affected email account.
Editor's note: Becker's reached out to the hospital for comment. This article will be updated as more information becomes available.