Indiana Health University said Tuesday that some personal information, including Social Security numbers, was compromised in a recent cyberattack.
IU Health detected unusual activity on an employee's email account on Nov. 8, and upon further investigation with a third-party forensics firm, found that an unauthorized recipient had access to the account between Aug. 27 and Oct. 2, according to a news release.
Related: Ascension cyberattack hit 5.6M patients
The Indianapolis-based health system said compromised information may have included addresses, ages, medical record numbers, diagnoses and Social Security numbers. It began notifying affected individuals on Jan. 2 and is offering one year of credit monitoring to those whose Social Security numbers were leaked, according to the release.
IU Health did not disclose how many individuals were affected by the attack. A spokesperson said the breach did not affect operations.
IU Health is the latest in a slew of healthcare organizations affected by cyberattacks. In February, Change Healthcare reported a widespread attack that affected about a third of patient health records in the U.S. Kaiser Foundation Health Plan reported a breach in April that affected 13.4 million people, and Ascension reported an attack in May that affected 5.6 million people.
More than 700 healthcare-related breaches were reported in 2024, affecting 184 million patients, according to the Health and Human Services Department's Office for Civil Rights.