The breach took place between November 20 and December 7, the clinic said in a statement.
By signing into a staff member’s email account, an unknown person “potentially accessed” personal information, including patient names, addresses and phone numbers, according to the statement.