St. Mary's Regional Medical Center, Reno, Nev., has sent letters to about 128,000 patients informing them their personal information may have been compromised.
Officials said someone without authorization may have accessed a database that contained names, addresses and some Social Security numbers. The potential breach was discovered in April, but officials say notification was delayed because the database had to be reconstructed.
Investigators have found no evidence that identity theft or fraud has occurred. The 279-bed hospital said it will pay for a year of credit monitoring for people whose Social Security numbers were in the database.