Mercy Iowa City system hit by virus designed to collect personal data

Mercy Iowa City and Mercy Clinics officials announced today they will be sending out letters informing patients that their system was compromised in January by a virus designed to scour for personal data.

The hospital's statement noted that the organization has no proof that any data was collected or is being used improperly.

According to the media release, on Jan. 29, law enforcement representatives informed Mercy that a computer virus may have breached its system three days earlier.

Mercy noted that the potentially stolen information could include patient demographic information, including the patient's name, date of birth, or address; clinical information, including treatment and medications; or health insurance information, involving the name of the health insurer and the patient's policy number.

Hospital officials also said that in some instances, Social Security numbers also may have been included in the affected data packs.

Mercy set up a dedicated call center to answer questions from patients on the possible breech - (844) 787-6810. Mercy officials also say they have enhanced existing technical safeguards to protect sensitive information.

More information can be found on the Mercy website, mercyiowacity.org/privacy-incident.