LSU Health Care Services Division began notifying patients Jan. 8 that a September cyberattack extended beyond the Baton Rouge, La.-based health system and also affected its partner hospital, University Medical Center-New Orleans.
In November, LSU HCSD reported that an unauthorized party accessed an employee's email account and compromised patient information. The unauthorized access occured Sept. 15, and the health system discovered and disabled the compromised mailbox Sept. 18.
In the Jan. 8 notice, LSU HCSD said it recently discovered that the employee's electronic mailbox also included information from University Medical Center-New Orleans.
Thousands of patients' information was contained in the email account. Data included patient names, birthdates and Social Security numbers.