Fort Lauderdale, Fla.-based Holy Cross Hospital has notified nearly 10,000 patients that their protected health information and Social Security numbers may have been inappropriately accessed by a former employee for tax fraud purposes.

The hospital, part of the Catholic Health East health system, announced this week that the employee accessed patient health records from November 2011 to August 2013. Data accessed included patient names, dates of birth, addresses and Social Security numbers. When asked what type of PHI was accessed, Holy Cross officials did not immediately reply for comment.

[See also: More HIPAA enforcement coming and Ready or not: HIPAA gets tougher today.]

"The hospital’s investigation indicated that the employee may have intended to utilize the  information in filing fraudulent tax returns," according to a company notice. "The employee was terminated, and efforts are underway to prosecute this individual to the fullest extent possible."

This is the second breach for Holy Cross Hospital, according to data from the Department of Health and Human Services. Back in 2010, hospital employees managed to steal Social Security numbers and protected health information of some 1,500 patients. Because the 1,500 patients could not be identified, officials ended up notifying 44,000 patients of a potential breach involving their PHI.

[See also: How to survive (if not prevent) a breach.]