An Indiana hospital has had to write to 12,000 people after malware breached its security defences to compromise a server used to collect personal data from web forms.
The affected individuals were mostly people who might have applied for jobs at Goshen Hospital in recent years plus some outpatients. Information put at risk includes names, addresses, and social security numbers, the hospital has told local media.
The malware remains unidentified beyond it being described as “a relatively common virus that is malicious,” which suggests an infection that remained undetected for some time. Patient records are isolated from the Internet and were never at risk