Hagerstown, Md.-based Meritus Health began mailing notifications letters on Friday to more than 1,000 people whose data may have been stolen, after a routine audit revealed a security breach.
"An employee of a vendor that we work with to provide some services may have inappropriately accessed some private patient information," Mary Rizk, director of communications at Meritus Health, said in a statement. "We have no proof that any of this information has been used or misused in a manner to cause any harm."
The personal information at risk includes date of birth, age, gender and medical records such as treatment and diagnosis information. Meritus has also said that some Social Security numbers were also compromised.
Meritus officials said the information would have been accessed between July 2014 and April of this year and that only a small percentage of overall patients are affected.
More articles on data breaches:
8 members of 'theft ring' indicted following Montefiore Health System data breach
50 biggest data breaches in healthcare
Top 5 ways to protect hospitals from fines, breaches and lost accreditation