Thousands of patients were alerted in hospitals across New York, New Jersey, and Pennsylvania that their medical records may have been compromised by an outside contractor.

University of Pennsylvania Medical Center (UPMC), Grandview Health, Englewood Hospital and Medical Center, The Valley Hospital, Holy Name Medical Center and White Plains Hospital were among those affected.

Federal authorities notified North Carolina-based Medical Management LLC (MML) on March 16 that one of its authorized call center employees may have disclosed patient information to an unauthorized third party, according to a notice from Grand View Health in Pennsylvania.

The data included social security numbers, names and birthdates but there is no indication that medial history or treatment information was disclosed. The employee who allegedly leaked the information worked for the company from February 2013 to March 2015 and has been terminated.