Mercy Iowa City hospital has revealed a data breach that may have compromised the personal and health information of 60,473 patients.
According to a letter sent earlier this month, the security incident was discovered in June when an unauthorized party sent out phishing emails from a staff member’s account.
“On or about June 24, 2020, Mercy discovered that one employee’s email account had been used to send out spam/phishing emails,” the letter reads. “Upon conducting an investigation, Mercy determined that an unauthorized third party gained access to one Mercy employee’s email account from May 15, 2020 until June 24, 2020.”
