At least 2,219 patients at McLaren Oakland hospital were notified this week that their personal data might have been accessed through a hospital computer.
Officials at the 328-bed not-for-profit hospital in Pontiac, Mich., became aware of a computer desktop file containing an unauthorized and unsecured link to a file containing patients' protected health information, according to a hospital statement.
The link was accidentally left open by an employee, but an investigation found no evidence of fraudulent or criminal activity, the hospital said.
McLaren, which has notified the affected patients, has implemented additional training to prevent a similar occurrence in the future. The Department of Health and Human Services, Office of Civil Rights has been notified of the incident.
Patients were sent a letter telling them to carefully review their financial information and credit reports for any irregularities and notify their financial institutions if any problems are discovered. The notification letter includes details on free identity theft monitoring and protection services offered through McLaren.