TAMPA, Fla. (WFLA) — More than 1 million patients and staff members were affected by a data breach at Tampa General Hospital (TGH) earlier this year.

The hospital announced on Wednesday that hackers gained access to the personal information of 1.2 million people during what it described as “a recent cybersecurity event” that lasted 18 days.

The hospital detected unusual activity on May 31, according to a TGH representative. An unauthorized third party accessed their computer systems to steal various files between May 12 and May 30.

According to TGH, those files may have contained, “names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record numbers, patient account numbers, dates of service and limited treatment information used by TGH for its business operations.”

The hospital’s electronic medical record system was not involved in the data breach.

Cybersecurity expert Dr. Thomas Hyslip told 8 On Your Side that the situation appears to be a ransomware attack that was stopped before it was too late.

“It is standard now,” Hyslip said. “They steal the files, they encrypt everything, and then they blackmail you. So they were able to prevent the encryption, and they didn’t have to pay the ransom to get their files back.”

A TGH spokesperson said encryption “would have significantly interrupted the hospital’s ability to provide care for patients,” but their monitoring system and cybersecurity team was able to thwart the attack.

The hospital is sending out letters to notify patients and staff members who were affected by the breach. It will provide credit monitoring and identity theft protection services to anyone whose Social Security numbers were exposed.

TGH also urged patients to check statements from their healthcare providers and insurance companies to make sure they are only billed for services they received.

Anyone affected by the data breach should keep a close eye on their credit report to check for unusual activity, Hyslip said. For added security, they can also call the credit bureaus to request a credit freeze, which would prevent new accounts from being opened in their name.

The data breach is under investigation by the FBI.