The U.S. Department of Health and Human Services (HHS) revealed on Monday that the private information of 3.9 million people from across the country was exposed after the computer networks of an Indiana-based medical software company were hacked earlier this year.

Medical Informatics Engineering, which is based in Fort Wayne, Indiana , reported to the agency the number of individuals that were affected by the hack on July 23.

Earlier on June 10, the company revealed that its NoMoreClipboard and main networks were attacked on May 7 and the data security incident was detected nearly 20 days after on May 26. It said that the information that were exposed included names, birthdays, addresses, health records and social security numbers of affected patients.

The company posted on its website that the hack affected patients of 11 health care providers including Franciscan St. Francis Health Indianapolis, Gynecology Center, Inc. Fort Wayne, Rochester Medical Group, Open View MRI, and Concentra, which operates over 300 medical centers in 38 states.

The patients of 44 hospitals and other radiology centers in Ohio, Michigan and Indiana Bedford Regional Medical Center, Cameron Memorial Community Hospital, First Care Family Physicians, Fort Wayne Medical Oncology & Hematology, and Accustat Medical Lab, were also affected.

Medical Informatics Engineering said that as of June 2, they already started to contact and mail notice letters to their affected clients. On June 15, notice letters were sent to affected individuals with available address and these should reach them no later than July 25.

The company said that they are currently taking steps to improve the security of their systems. It also apologized for the incident.

"Remedial efforts include removing the capabilities used by the intruder to gain unauthorized access to the affected systems, enhancing and strengthening password rules and storage mechanisms, increased active monitoring of the affected systems, and intelligence exchange with law enforcement. We have also instituted a universal password reset," the company said.

Investigation conducted by a team of third party experts said that the breach was a sophisticated attack. The authorities also warned those affected by the hack to freeze their credit over concerns that their details could be used for financial fraud.

Medical Informatics Engineering has provided free identity protection and free credit monitoring services for those affected for a period of two years. They also urged those affected by the attack to inform their health care providers, credit card companies and health care insurers of the incident.

Photo: Nayu Kim | Flickr