Billings Clinic reported a data breach Friday that affected 8,400 people.
The hospital's security systems identified unusual activity with an employee's email account on May 14, according to a release from the organization. The account was hacked while the employee was traveling overseas.
The breach didn't involve patients' social security numbers, bank or credit card numbers or insurance information, according to the hospital. It also didn't involve the hospital's financial or medical files, according to the release.
The hospital has no indication that any information was misused, spokesman Zach Benoit said in an email.
After disabling the account, an investigation found that the hacker accessed the employee's emails and attachments, according to a hospital press release. The "vast majority" of leaked information from those emails was "used for scheduling purposes between 2008 and 2011," the release says.
The hacker could have had access to patients' names, dates of birth, contact information, medical record numbers, internal financial control number, diagnosis and limited medical services descriptions, Benoit said.
Benoit added that no email contained all of that information, and the information leaked about each patient varied.
Billings Clinic is contacting affected people and said it has a call center line dedicated to this issue at 1-833-228-5708.
Dr. Randy Thompson, the hospital's chief information officer, said in the release the organization takes the protection of patient data very seriously.
Earlier this year, the Clinic disclosed another email security breach that affected 949 patients who use the hospital's Atrium Pharmacy.