A local hospital system is notifying more than 68,000 patients of a data breach in which their personal information may have been exposed.
Methodist Hospitals, with campuses in Gary and Merrillville, has been mailing letters to patients explaining to them the steps they can take to protect themselves against potential fraud.
In June, Methodist became aware of suspicious activity on an employee's email account, according to a news release. After an investigation, the hospital system learned in August that two staffers had fallen victim to an email phishing scam in which an unauthorized user gained access to their accounts, one on June 12 and from July 1 to 8 and the other from March 13 to June 12.
The hospital system said it has no evidence that information from the 68,039 patients was accessed, but it could not rule out the possibility. The data that may have been exposed included names, addresses, dates of birth, Social Security numbers, driver's license/state ID/passport numbers, credit card information and medical records.
"Methodist takes this incident and the security of personal information in its care very seriously," a company statement reads. "Upon learning of this incident, Methodist immediately took steps to ensure the security of its email environment and to investigate the activity.
"Methodist conducted a comprehensive review to identify the individuals whose information was present in the relevant email accounts and is in the process of notifying those individuals of the incident to provide them with further information regarding this incident. Methodist is also reviewing its existing policies and procedures and has reported this incident to relevant state and federal regulators, as required."
The hospital system is encouraging people who may have been affected by the data breach to monitor their credit reports and medical billing information for any suspicious activity.