Paducah-based Orthopaedic Institute of Western Kentucky has notified patients of a potential data breach that could have exposed the personal information of patients and staff.
On or around July 7, the practice became aware of suspicious activity relating to an employee email account and launched an investigation, according to a Dec. 20 news release.
Orthopaedic Institute of Western Kentucky discovered an unauthorized individual accessed several employee email accounts between June 24 and July 8. The group cannot confirm whether a particular person's information was accessed or acquired without permission.
The scope of information could include names, dates of birth, Social Security numbers and passport numbers as well as information related to bank accounts and health insurance.
The practice said it has changed employee email account passwords and secured the affected accounts. It is also implementing technical safeguards as well as training and education to prevent future breaches.