Virginia Gay Hospital based in Vinton of Iowa state has suffered a data security incident, which might have led to disclosure of personal information of 5,030 patients.

"The incident was immediately investigated by the Virginia Gay Hospital, and letters were sent to possibly affected patients to alert and notify them about the phishing attack as well as to provide them information on the steps they could take in order to protect themselves," says a press release.

The Hospital discovered that one of their employees was prey to a phishing attack. Later, the hospital determined that an unknown third-party might have accessed some of the protected health information of certain patients contained in that employee's email account, including the patient names, social security numbers, dates of birth, and medical information of those who have received the outpatient services in the hospital.

The Virginia Gay Hospital hired a computer forensic firm to investigate and further determine what kind of information was impacted. "Although the Virginia Gay Hospital has not found any evidence that will suggest that the patient information has been accessed, copied, or misused by the intruder, they wanted to provide the notice of this data security incident, along with the information related to available resources," says the press release.