DuPage Medical Group notifying 600,000 patients that their personal information may have been compromised
DuPage Medical Group notifying 600,000 patients that their personal information may have been compromised in cyberattack
By LISA SCHENCKER
CHICAGO TRIBUNE |
AUG 30, 2021 AT 3:56 PM
DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack.
DuPage Medical Group, which is the state’s largest independent physicians group, experienced a computer and phone outage that lasted nearly a week in mid-July. The group worked with cyber-forensic specialists to investigate the incident and found that the outage was caused by “unauthorized actors” who accessed its network between July 12 and July 13, according to a DuPage Medical Group news release.
A DuPage Medical Group data breach may have affected 600,000 patients. Here’s what patients should know. »
The investigators determined Aug. 17 that certain files containing patient information may have been exposed. Compromised information may have included names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates. For a small number of people, Social Security numbers may have been compromised.
The medical group is not aware of any patient’s personal information being misused because of the breach, it said in the news release.
“The health care sector is under attack by cybercriminals who have no regard for the health or well-being of others,” Steve Nelson, CEO of DuPage Medical Group, said in a statement. “Our physicians and team members have worked tirelessly to provide personalized care for our patients, despite facing significant challenges.”
[Most read] Ask Amy: Family rift calls for a firm boundary »
DuPage Medical Group is offering credit monitoring and identity theft protection to patients who may be affected. People can also call 1-800-709-2027 between the hours of 8 a.m. and 8 p.m., Monday through Friday, or visit www.dupagemedicalgroup.com for additional information.
DuPage Medical Group has implemented additional cybersecurity measures and is reviewing security policies, it said in the news release.
A DuPage Medical Group building in Tinley Park on Oct. 29, 2020.
A DuPage Medical Group building in Tinley Park on Oct. 29, 2020. (Ted Slowik / Daily Southtown)
Cybersecurity incidents at health care organizations have become common in recent years. So far this year, 21 other organizations in Illinois have reported data breaches affecting at least 500 people, according to the U.S. Department of Health and Human Services Office for Civil Rights.
If 600,000 individuals were affected by the DuPage Medical Group attack, that would be the largest breach in Illinois so far this year by about threefold, based on information reported to the U.S. Department of Health and Human Services.
Federal regulations require organizations to report data breaches of protected health information involving 500 or more people to the U.S. Department of Health and Human Services within 60 days. They also must notify anyone whose data may have been compromised.
[Most read] Cannabis smoking lounges off to successful start in Illinois. ‘60- and 70-year-old dudes walking in with their tie dye.’ »
Significant cybersecurity incidents are now “the norm” at health care organizations, according to the 2020 Healthcare Information and Management Systems Society Cybersecurity Survey. About 70% of 168 health care cybersecurity professionals surveyed in the U.S. reported having a “significant security incident” in the last 12 months, according to the survey.
Those who responded to the survey indicated that phishing attacks were the most common type of cybersecurity incident. Phishing is when scammers send fraudulent emails or text messages to people to try to trick them into revealing personal information, company information or downloading malware.
By LISA SCHENCKER
CHICAGO TRIBUNE |
AUG 30, 2021 AT 3:56 PM
DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack.
DuPage Medical Group, which is the state’s largest independent physicians group, experienced a computer and phone outage that lasted nearly a week in mid-July. The group worked with cyber-forensic specialists to investigate the incident and found that the outage was caused by “unauthorized actors” who accessed its network between July 12 and July 13, according to a DuPage Medical Group news release.
A DuPage Medical Group data breach may have affected 600,000 patients. Here’s what patients should know. »
The investigators determined Aug. 17 that certain files containing patient information may have been exposed. Compromised information may have included names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates. For a small number of people, Social Security numbers may have been compromised.
The medical group is not aware of any patient’s personal information being misused because of the breach, it said in the news release.
“The health care sector is under attack by cybercriminals who have no regard for the health or well-being of others,” Steve Nelson, CEO of DuPage Medical Group, said in a statement. “Our physicians and team members have worked tirelessly to provide personalized care for our patients, despite facing significant challenges.”
[Most read] Ask Amy: Family rift calls for a firm boundary »
DuPage Medical Group is offering credit monitoring and identity theft protection to patients who may be affected. People can also call 1-800-709-2027 between the hours of 8 a.m. and 8 p.m., Monday through Friday, or visit www.dupagemedicalgroup.com for additional information.
DuPage Medical Group has implemented additional cybersecurity measures and is reviewing security policies, it said in the news release.
A DuPage Medical Group building in Tinley Park on Oct. 29, 2020.
A DuPage Medical Group building in Tinley Park on Oct. 29, 2020. (Ted Slowik / Daily Southtown)
Cybersecurity incidents at health care organizations have become common in recent years. So far this year, 21 other organizations in Illinois have reported data breaches affecting at least 500 people, according to the U.S. Department of Health and Human Services Office for Civil Rights.
If 600,000 individuals were affected by the DuPage Medical Group attack, that would be the largest breach in Illinois so far this year by about threefold, based on information reported to the U.S. Department of Health and Human Services.
Federal regulations require organizations to report data breaches of protected health information involving 500 or more people to the U.S. Department of Health and Human Services within 60 days. They also must notify anyone whose data may have been compromised.
[Most read] Cannabis smoking lounges off to successful start in Illinois. ‘60- and 70-year-old dudes walking in with their tie dye.’ »
Significant cybersecurity incidents are now “the norm” at health care organizations, according to the 2020 Healthcare Information and Management Systems Society Cybersecurity Survey. About 70% of 168 health care cybersecurity professionals surveyed in the U.S. reported having a “significant security incident” in the last 12 months, according to the survey.
Those who responded to the survey indicated that phishing attacks were the most common type of cybersecurity incident. Phishing is when scammers send fraudulent emails or text messages to people to try to trick them into revealing personal information, company information or downloading malware.
