Medical Informatics Engineering reported the number of people affected by the hack to the federal agency on July 23.
The Fort Wayne company announced June 10 that the attack on its main network and its NoMoreClipboard network began May 7 and was detected May 26. The company said the exposed information includes names, addresses, birthdates, Social Security numbers and health records.
A notice posted on the company's website said the hack affected patients of 11 health care providers. They include Texas-based Concentra, which operates more than 300 medical centers in 38 states; Franciscan St. Francis Health Indianapolis; and Rochester Medical Group in the Detroit area.
The hack also affected patients served by 44 hospitals and other radiology centers in Indiana, Ohio and Michigan, the notice said. The providers included the Indiana and Purdue university medical centers in Bloomington and West Lafayette, respectively.
An investigation by a team of third-party experts "indicates this is a sophisticated cyber-attack," the notice said.
Medical Informatics Engineering has offered free credit monitoring and identity protection services to affected individuals for two years. The company said it began mailing notice letters to affected individuals for whom it has a valid postal address on July 17.
Indiana Attorney General Greg Zoeller has urged all state residents to freeze their credit in the wake of the hack. He said his office is investigating the breach.
A list of affected providers can be found online at www.mieweb.com/notice/ .
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.