The health system said it became aware of the incident last summer and promptly began its investigation, which involved evaluating affected email accounts and testing the security of its email and computer systems.
On Jan. 24, Navicent Health determined affected email accounts contained some personal information, including names, dates of birth, addresses and limited medical information. A limited number of Social Security numbers may have also been affected, the health system said.
Navicent Health said it is unaware of any information misuse. The health system also said it is unsure whether any personal information was viewed in the cyberattack.
Patients who were potentially affected will receive a mailed letter from Navicent Health advising them of additional steps to take.
“We take our responsibility to safeguard personal information seriously and apologize for any inconvenience or concern this incident might cause. We are committed to taking steps to help prevent something like this from happening again, including evaluating additional platforms for educating staff and reviewing technical controls,” the health system said in a news release.
More articles on cybersecurity:
Healthcare gets a pulse check: 5 survey findings
Arizona Medicaid alerts 3,100 enrollees of privacy breach
Physician notes, medical info exposed after tech company fax server error
