INDIANA — Indiana University Health (IU Health) has reported a data breach affecting a limited number of individuals, potentially compromising Social Security numbers and other sensitive personal information. The breach, first detected on November 8, 2024, impacted specific patient and employee data, and IU Health notified those affected on January 2, 2025.
According to IU Health, the breach may have included personal details such as addresses, ages, medical record numbers, diagnoses, and other treatment-related information. While the breach was primarily confined to a limited group of individuals, Social Security numbers were included for some affected persons.
“For a limited number of affected individuals, Social Security numbers were impacted by this incident,” IU Health stated. “These individuals will be offered 12 months of credit monitoring to help protect them from potential identity theft.”
The breach occurred due to unauthorized access to an IU Health team member’s email account, compromised between August 27, 2024, and October 2, 2024. IU Health stated that the incident was identified on November 8, 2024, and that immediate action was taken to secure affected accounts and systems. The health system has also implemented additional safeguards to prevent future incidents.
IU Health has set up a dedicated call center for affected individuals seeking more information about the breach. The call center is available from 9 a.m. to 9 p.m., Monday through Friday, at 1-877-721-3120.
This breach follows a previous incident in which IU Health experienced a compromise of accounts, though that incident did not involve Social Security numbers or financial data.
As part of its ongoing efforts to protect patient information, IU Health continues to monitor and improve its security systems.
IU Health encourages affected individuals to visit its official website or contact the dedicated call center for more details on the breach.
