Two University of Miami Hospital employees may have stolen and sold information from thousands of patients who visited the facility over a 22-month period, the medical school announced late Friday afternoon.

A press release stated UM learned of the breach from Miami-Dade police on July 18. “The two employees were terminated immediately,” the release stated, “and the university has taken steps to help patients who could be affected safeguard their personal information.”

A UM website said the employees “admitted improper conduct” and that the investigation is continuing. A UM spokeswoman said she had no information about how many patients records may have been taken. State records indicate that the UM hospital admits about 19,000 patients a year.

A Miami-Dade police spokeswoman said she did not immediately have additional information about the case.

The records that were possibly taken were “face sheets” in the registration process that include name, address, date of birth, insurance policy numbers and reason for the visit. The sheets contained only the last four digits of the person’s Social Security number, but UM noted that some insurers, including Medicare and Medicaid, use Social Security numbers as the policy numbers.

“We have no indication that medical records are at risk,” the statement said. The university delayed revealing the problem “to avoid hindering the criminal investigation.”

UM said patients who visited the hospital between October 2010 and July 2012 may be affected. Patients who visited other parts of the UM medical campus and were never at UMH are not affected, the medical school said.

For more information, UM patients can visit the incident website, www.umhdataincident.med.miami.eduor call 1-877-534-7033.