Incident

Indiana University Health reports data breach caused by compromised email account



Indiana University Health (IU Health) is reporting a security breach caused by unauthorized access to an employee's email account.

The incident, discovered on October 18, 2024, exposed sensitive patient information over a two-week period from October 4 to October 18, 2024. IU Health secured the affected account and initiated an investigation, including engaging an external forensics firm. The investigation confirmed that the unauthorized party had access to patient information including:

  • Patient addresses
  • Age
  • Medical record numbers
  • Diagnoses
  • Treatment-related information

IU Health claims that no financial information or Social Security numbers were compromised in the breach. They have not disclosed the total number of affected individuals.

The healthcare provider began notifying impacted patients on December 17, 2024, and has established a dedicated call center to address concerns and questions from those affected by the breach.

Update: As of January 2, 2025, Indiana University Health has updated the incident report. The investigation with a third-party forensics firm revealed that the incident exposed:

  • Social Security numbers
  • Addresses
  • Ages
  • Medical record numbers
  • Diagnoses
  • Other personal information

The number of affected individuals is still not disclosed. IU Health began notifying affected individuals on January 2, 2025. The organization is offering one year of complimentary credit monitoring services specifically to individuals whose Social Security numbers were exposed in the breach.
