A Purdue University security team discovered an unauthorized access file installed on certain computers at the West Lafayette, Ind.-based Purdue University Pharmacy in April. One month later, the team found malware on a computer at the Family Health Clinic of Carroll County, a Purdue affiliate, according to the Journal & Courier.
While the first incident was discovered in April, the file was installed Sept. 1, 2017. Patients' names, identification numbers, dates of birth, dates of service and medication information, as well as Purdue identification numbers, diagnoses, treatment and amounts billed might have been compromised. No Social Security numbers of personal financial data was stored on the computer.
The investigation found no evidence that the information had been misused, but it could not rule out the possibility.
In May, the security team discovered malware on a computer used to scan health insurance cards at the Family Health Clinic of Carroll County in Delphi, Ind. Potentially compromised information may have included patients' names and health insurance information and in some cases, patients' driver's license numbers and Medicare numbers.
Purdue officials found no evidence the information on the computer was misused, but again, could not rule out the possibility.
Purdue established a dedicated call center and mailed notices to 1,711 affected individuals. Those whose driver's license or Medicare numbers may have been compromised were offered one year of credit monitoring and identity protection services free of charge, according to the Journal & Courier.
More articles on cybersecurity:
12 healthcare privacy incidents in May
Aultman Hospital notifies 43k patients, affiliates of data breach
Minnesota mental health facility pays ransom to restore 6.5k patients' data