An employee of the facility opened a scam email that ultimately led to a breach in the healthcare system's protected network. The scammers had access to more than 39,000 patient records, which included personal health information, demographics and Social Security numbers.