MRT reports that once again, compromising employee email provides access for attackers:
Midland Memorial Hospital announced Tuesday there was a data security incident involving a limited number of patients’ personal information.
[…]
The hospital became aware on Oct. 13 that an unauthorized third party may have obtained access to an employee’s e-mail account on or about Oct. 10.
Read more on MRT.