The Miami Herald reports that Florida's Barry University recently began notifying patients of its Foot and Ankle Institute that their medical records and personal information may have been accessed by hackers after a school laptop was infected with malware (h/t HealthITSecurity).

The malware infection was detected in May 2013 -- it's not clear why it took the university more than half a year to notify those affected.

Following the discovery of the breach, the university hired an outside computer forensic company to investigate the incident and remove the malware.

The university has not yet been able to determine how many patients were affected, though the range of information potentially exposed is extremely broad, including the patients' full names, birthdates, Social Security numbers, bank account numbers, credit or debit card numbers, driver's license numbers, medical record numbers, health insurance information, diagnoses and/or health information about treatments received at the institute.

All those affected are being offered a free year of access to a credit monitoring service.

Photo courtesy of Shutterstock.