Mercy Iowa City hospital this week reported that an internal email compromise and phishing email incident led to the exposure of personal information of some 60,473 individuals.
An attacker had compromised a hospital employee's email account and sent out phishing emails between May 15 and June 24, 2020. This ultimately led to the exposure of recipients' names, Social Security numbers, driver's license numbers, dates of birth, medical treatment information, and health insurance data. The hospital said in a letter to the affected individuals that it was not aware of any instances of fraud or identity theft as a result of the breach.
Mercy Iowa City is offering 12 months of free credit monitoring and identity theft protection for individuals whose SSNs or driver's license numbers were affected.
Read more here.