California’s largest hospital system, Kaiser Permanente, was hit with a massive data breach that exposed sensitive medical data on over 69,000 patients.

The breach was disclosed to Kaiser Permanente patients in a letter on June 3. In that letter, it states that the breach was discovered on April 5, when officials found that an “unauthorized party” had gained access to a Kaiser employee’s emails. The emails contained “protected health information” on tens of thousands of Kaiser Patients. In a filing with the Department of Health and Human Services, it states that 69,589 people were affected by the breach.

The data exposed includes first and last names, medical record numbers, dates of service, and lab test results information. Social security numbers and credit card numbers were not a part of the exposed data.

“We terminated the unauthorized access within hours after it began and promptly commenced an investigation to determine the scope of the incident,” says Kaiser’s email to customers, which was shared by TechCrunch. “We have determined that protected health information was contained in the emails and, while we have no indication that the information was accessed by the unauthorized party, we are unable to completely rule out the possibility.”

It is not clear how the “unauthorized party” gained access to the emails, though the filing with the HHS labels it as a “Hacking/IT Incident.”

Story via Gizmodo