AP reports that Indiana University Health Goshen is notifying more than 12,800 job applicants and patients that their personal information may have been obtained illegally through a computer virus.
Hospital spokeswoman Melanie McDonald says the virus was discovered Dec. 22. An internet security company hired by the hospital was not able to determine whether any information was accessed, just that someone tried to access it.
McDonald said the hospital is sending letters to 12,374 people who applied for hospital jobs in the past several years and fewer than 500 patients who pre-registered for outpatient procedures over the internet that their names, addresses and Social Security numbers may have been compromised.
The South Bend Tribune, however, reports that for patients using the pre-registration site, the vulnerable information also included their insurance information.
This is the second breach reported by Indiana University in the past week. The first one affected 650,000 employees enrolled in a nutrition and exercise program.
The two breaches do not appear to be related, but IU Health Goshen was asked to confirm that they are unrelated. If I get a response or statement, I’ll update this post.
Note of March 20, 2012: When this incident was posted to HHS’s breach tool, the number affected was listed as 660. Presumably that number reflects the patients and not the job applicants.