Albia, Iowa-based Monroe County Hospital & Clinics began notifying around 7,500 patients Feb. 17 that their information may have been exposed in a phishing attack, according to the Des Moines Register.
In December 2019, Monroe County Hospitals & Clinics discovered that several employees had fallen victim to a phishing scheme. Upon investigation, the hospital determined that an unauthorized third party was able to access the email accounts between Oct. 28, 2019, and Jan. 20, 2020.
Patient data that may have been exposed included names, addresses, dates of birth, dates of services, medical record numbers, insurance statuses or payer types, diagnosis codes, reasons for visits and other clinical information. A limited number of Social Security numbers may have also been affected.
Immediately after discovering the phishing attack, Monroe County Hospitals & Clinics had employees reset their email passwords. Additionally, employees have undergone training regarding email cyberattacks.