Allegheny Health Network notified patients July 29 about a May phishing attack that compromised the protected health information of 8,000 patients.
On June 1, the Pittsburgh-based health system learned that an employee email account had been compromised between May 31 and June 1 after the owner of the account opened a phishing email link.
After the link was opened, the attacker was able to access files that contained patient information such as names, dates of birth, dates of service, medical records, ID numbers, medical history, conditions, treatments, diagnoses, addresses, patient phone numbers, driver's license numbers and email addresses.
The attacker also had access to some patients' Social Security numbers and financial account information.
Allegheny Health Network is offering two years of identity protection and monitoring services through Experian, at no cost, to the affected individuals.
It is currently conducting an investigation into the incident to gain more information about the breach.