Central Florida Inpatient Medicine is notifying patients of an email data breach after a cybersecurity incident that affected 19,625 people.
From Aug. 21 to Sept. 17, 2021, an unauthorized party accessed an employee email account at the Lake Mary, Fla., hospitalist group, it said. It discovered the breach May 5.
The account contained patients' personal and protected health information, including diagnoses and treatment records, and in a limited number of cases, Social Security numbers and financial account information, according to the company.
The organization said the incident did not affect all of its clients and it has no evidence that any of the data has been misused.
Central Florida Inpatient Medicine is telling affected patients to review financial and medical statements for fraudulent activity. In response to the breach, the group said it has added technical safeguards to its email system, instituted multifactor authentication and provided more training to employees on the risks of malicious emails.
Editor's note: This article was updated June 17 at 12:55 p.m. CT.