Employees fell victim to a targeted phishing campaign, which may have exposed sensitive data for some patients, including Social Security numbers and health insurance information. Several employees of Sunspire Health, a nationwide network of addiction treatment facilities, fell victim to a phishing email campaign, which may have exposed personal patient information for about two months.Hackers were able to access some employee email accounts between Mar. 1 and May 4, but officials did not become aware of the cyberattack until sometime between April 10 and May 17. Officials did not give an explanation as to why the discovery took more than a month.