Baltimore police are investigating a security breach at Mercy Medical Center that left an undisclosed number of patient records open to possible identity theft, according to the Maryland attorney general's office.
The hospital's vice president for corporate compliance sent a letter to the affected former patients on Monday, saying that a former employee might have gained access to patient records in order to apply for credit cards and loans.
A spokesman for the attorney general's office said he was unsure how many patients received letters.
But Hugh Williams, coordinator of the identity theft office of the state attorney general's office, said the number of people could be significant. He said he was unsure when the breach was discovered, and that people who received letters "should take them seriously. If they have questions about the authenticity, they should contact our office."
Officials at Mercy, in the 300 block of St. Paul Place, declined comment, citing a continuing legal investigation.
A state law passed last year requires businesses to promptly notify those potentially affected by a security breach or theft.