Florida officials announced Friday that hackers may have stolen the personal information and medical records of up to 30,000 Medicaid recipients in November.

In a new release, the state Agency for Health Care Administration said an employee fell for a “malicious phishing email” on Nov. 15.

An investigation was presented to agency leaders last Tuesday, according to the Associated Press. It found hackers may have partly or fully accessed enrollees’ names, Medicaid ID numbers, birthdates, addresses, diagnoses, medical conditions and Social Security numbers.

The agency said it had no reason to believe the information had been misused but set up a hotline and offered training on proper email security.

The breach follows a similar announcement last week from Oklahoma State University Center for Health Sciences, which may have accidentally provided a third party with Medicaid patient information.

As in the Florida case, those who information may have been shared weren’t notified until almost two months after the incident.