The community-based healthcare system, Methodist Hospitals, from Gary, Indiana disclosed that sensitive and medical information of over 68,000 people may have been exposed after a successful phishing attack. Methodist Healthcare provides surgical and medical hospital services, employs over 2500 employees,  and is reported to have had over 195,000 patient encounters during 2018. A statement from Methodist Healthcare explains:  “In June 2019, Methodist learned of unusual activity in an employee’s email account. We immediately commenced an investigation, working with third-party forensic investigators, to assess the nature and scope of the email account activity.” The report also says that on August 7^th, 2019, the investigation determined that two employees fell victim to a phishing scheme that allowed a cybercriminal to gain access to their email accounts. The patient information that was possibly accessed includes the patient’s name, address, health insurance plan information, Social Security number, driver’s license number, passport number, username, password, payment card info, electronic signature, and the patient’s medical records. Methodist began sending notifications to all patients that may have had their information exposed and also reported the incident to state and federal agencies.  The full statement provided by Methodist Healthcare can be found at this address: https://www[.]methodisthospitals.org/wp-content/uploads/2019/10/Methodist-Hospitals-Website-Notice[.]pdf