The Kalamazoo, Michigan–based health system notified patients Wednesday afternoon.
Munson Healthcare announced Wednesday that it notified patients of a data security incident that occurred last year.
According to a press release, Munson discovered a data breach on January 16, determining that "one or more of the email accounts accessed between July 31 and October 22, 2019 contained identifiable personal and/or protected health information."
The information included in the affected email accounts were: "names, dates of birth, insurance information, and treatment and diagnostic information."
The Kalamazoo, Michigan–based health system stressed that not all patients were affected by the incident.
Munson added that it is sending notification letters to all affected patients and offering complimentary credit monitoring for patients whose Social Security numbers were in the email accounts.
"It is important to note that we have no evidence that any information has been acquired or misused by the unauthorized third party that accessed it," Lucas Otten, system director of information security for Munson, said in a statement. "Notification to affected patients is being provided so that affected individuals can take proactive steps to protect themselves."
Provider organizations continue to be among the most vulnerable companies to data breaches and cyberattacks, with a Black Book survey from November estimating that the total cost was projected to reach $4 billion by the end of 2019.
Last year, there were several high-profile data breaches and security incidents at hospitals across the country, including at Massachusetts General Hospital, Presbyterian Healthcare Services, and DCH Health System.
Jack O'Brien is the finance editor at HealthLeaders, a Simplify Compliance brand.