Though the hospital has no reason to believe any personal information has been used to commit fraud or identity theft, officials said in a news release this week they are encouraging patients to protect themselves.
In a letter to the Iowa Attorney General's Office, the law firm representing Mercy Iowa City said the hospital determined than 60,473 Iowa residents may be affected.
Between May 15 and June 24, an unauthorized third party gained access to a an employee's email account. Officials did not specify how that happened but stated Mercy secured the account to prevent further access and launched an investigation with "a leading forensic security firm."
The news release said it was determined Oct. 3 that the account contained protected health information and other personal information, including Social Security numbers, driver's license numbers and medical treatment information, among other data.
On Nov. 13, Mercy began sending written notices to people whose information was included in the email account. The notices include steps they can take to protect against fraud or identity theft, such as reviewing their accounts and checking credit reports closely.
"Mercy deeply regrets any concern or inconvenience this incident may cause its clients," the news release said. "Mercy is reinforcing information security procedures with its employees and implementing changes to help prevent an incident like this from happening again."
People can obtain information by calling a toll-free inquiry line at (855) 914-4658 from 8 a.m. to 8 p.m. Monday through Friday.
(c)2020 The Gazette, Distributed by Tribune Content Agency, LLC.