Over a million people in Connecticut had their personal information compromised in a healthcare data breach.
The Community Health Center said exactly 1,008,519 people in Connecticut were impacted by a nationwide data breach, which affects a total of 1,060,936 people.
Attorney General William Tong said about 575,000 patients had all of their personal health information compromised, an additional 571,000 people had limited information breached and 4,200 employees were also impacted.
The Social Security numbers and COVID-19 vaccination records of 575,000 people were exposed in the data breach, 571,000 patients had just their vaccination records exposed and there were 4,200 employees, according to Tong's office.
Get top local stories in Connecticut delivered to you every morning. Sign up for NBC Connecticut's News Headlines newsletter.
The Community Health Center said information that has been accessed could include your diagnosis, treatment details, test results and health insurance, too.
Everyone impacted by the breach will be notified by the agency. Patients will also receive 24 months of credit monitoring at no cost.
The attorney general said the breach occurred through a vendor within approved software. It was reported on Oct. 14, 2024 and the breach was discovered on Jan. 2, according to officials.
Local
In a letter to patients, the health clinic said they believe the hacker was stopped within hours and there's no sign the information has been misused.
University of New Haven cybersecurity expert Vahid Behzadan said a breach with this type of information can cause a real risk for consumers.
He warns impacted patients to stay vigilant for suspicious activity in your credit profile or insurance, and to look out for suspicious messages coming from people pretending to be a healthcare provider, or from your insurance.
"The unauthorized disclosure of healthcare information such as diagnosis, test results and medications that patients may be on and can be a breach of personal privacy as well as professional privacy," Behzadan said.
He recommends data holders like the Community Health Center do routine vulnerability and security monitoring to try to get ahead of any breaches.