Chicago-based Sinai Health System is notifying 12,578 patients about a security incident that may have exposed their protected health information.
In October, the health system discovered that two employees had fallen victim to a phishing attack. Hospital officials took steps to secure the email accounts. Upon investigation, Sinai Health System said there is no evidence that patient information was removed from the email accounts.
Patient data that may have been exposed included names, addresses, dates of birth, Social Security numbers, health information or health insurance information.
Along with securing the email accounts, Sinai Health System had employees undergo additional cybersecurity training and enhanced its email filtering protocols. There is no evidence that patient information has been misused.