The health system launched an investigation after becoming aware of the security incident last summer. On Jan. 24, Navicent Health determined affected email accounts contained patients’ personal information, including names, dates of birth, addresses, limited medical information and a limited number of Social Security numbers.
The cyberattack did not affect the health system’s EHR system or network; it was limited to the employee email accounts, according to the report. Navicent Health has notified all patients affected by the cyberattack and is offering free identity theft protection services to patients’ whose Social Security number may have been compromised.
“We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause,” the health system said in a news release. “We are committed to taking steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls.”
More articles on cybersecurity:
Microsoft emails users about data breach within customer support platform
45% of consumers think they can keep PHI safer than providers
Pregnancy tracking app raises privacy concerns over data shared with employers