Annapolis, Md.-based Anne Arundel Medical Center's owner, Luminis Health, informed patients Jan. 20 that their information may have been compromised, as an unauthorized party accessed its email system.
The hospital became aware of the breach Sept. 3 and took steps to secure the affected email accounts, according to a post on Anne Arundel Medical Center's website.
An investigation was also launched and found that the unauthorized user had access to the hospital's employee email system between Aug. 26 and Sept. 14.
The investigation is ongoing, but Luminis Heath said it had determined that patient records including Social Security numbers, medical records, names and dates of birth could have been accessed during the breach.
"We have no reason to believe that this information was actually viewed by an unauthorized person, and we have no evidence that any patient information has been misused," the post said.
Luminis Health remains cautious and has mailed letters to the affected patients and will continue to do so until the investigation is completed.