After falling for email phishing schemes in February, two Wyoming Medical Center employees may have compromised the information of 3,184 patients, according to the Casper Star Tribune.
On Feb. 22, one employee at the Casper-based medical center opened a phishing email and clicked on the included link. On Feb. 25, a second employee opened another phishing email.
Although the hospital remains unsure of who was responsible for phishing scheme, whoever it was had access to the employees' email accounts for 15 minutes, according to Matt Frederiksen, WMC's chief compliance officer.
The accessible records included patients' names, medical record account numbers, dates of hospital service, birth dates and some medical information. Personal addresses, Social Security numbers and insurance information were not in the email records.
"They had access to limited patient information," said Mr. Frederiksen. "They never had access to our electronic medical record system."
Hospital spokeswoman Kristy Bleizeffer said there isn't evidence that that patients' health information was viewed, copied or acquired, according to the report.
WMC notified the affected patients April 20. It has also informed the U.S. Department of Health and Human Services Office for Civil Rights.