Illinois Clinic Says 503,000 Affected in Email Breach, Champaign County
Breach Type –
Hacking, Data Breach
GOV INFO SECURITY
April 12th, 2022
-
"A breach involving the compromise of a single user's email account at an Illinois-based multispecialty clinic has affected nearly 503,000 individuals. "
-
"Christie Clinic says it promptly launched an internal investigation to determine the nature and scope of the incident, and contacted federal law enforcement to mitigate the impact of the unauthorized access."
-
"The clinic's investigation confirmed that there was unauthorized access to the affected email account from July 14 to Aug. 19, 2021, and that intent of the unauthorized access was to intercept a business transaction between Christie Clinic and a long-standing, third-party vendor."
- "Information potentially contained in the affected email account included individuals' names, addresses, Social Security numbers, medical information and health insurance information,"
- "To date, Christie Clinic does not have any evidence of misuse of any patient information, but we have notified all individuals who have potential to be affected and notified all necessary regulators,"
Read More
31,000 patients' data compromised in Illinois health center ransomware attack, Cook County
Breach Type –
Hacking, Ransomware
Becker Hospital Review
February 16th, 2022
- "Family Christian Health Center reported that a ransomware attack had compromised the protected health information of 31,000 patients."
- "FCHC detected a ransomware attack on the health center's old dental system and electronic registration system. Attackers were able to access protected health information of patients who had received dental and healthcare services at the health center."
- "Patients who had received dental services prior to Aug. 31, 2020, had their names, birthdates, insurance card numbers, driver’s license numbers, and copies of their insurance cards and driver’s licenses compromised."
- "Patients who received healthcare services between Dec. 5, 2016, and Aug. 31, 2020, had their names, birthdates, addresses, insurance identification numbers and Social Security numbers compromised during the breach."
Read More
South Shore Hospital breach leaves 116,000 patients' data vulnerable, Cook County
Breach Type –
Hacking, Data Breach
Becker Hospital Review
February 15th, 2022
- "South Shore Hospital notified current and former patients about a cybersecurity incident that left 115,670 patients' protected information vulnerable."
- "The hospital was alerted that unauthorized activity was occurring on its network. The hospital activated emergency operating protocols and hired a security team to investigate the matter."
- "The attacker gained access to files that contained patients' and employees' first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare and Medicaid information."
Read More
Cyberattackers Hit Data of 80k Fertility Patients, State of Illinois
Breach Type –
Hacking, Data Breach
Threat Post
January 7th, 2022
- "The protected health information of nearly 80,000 patients of Fertility Centers of Illinois (FCI) may have been pawed over by cyber intruders following a cyberattack."
- "FCI runs four clinics across Illinois. According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ data breach site, the breach – reported on Dec. 27 – affected 79,943 people."
- “FCI’s data breach notice (PDF) said that the healthcare organization first detected suspicious activity on its internal systems on Feb. 1, 2021. A subsequent investigation indicated that security systems had blocked attackers from accessing patient EMR (electronic medical records) systems. However, the intruder(s) managed to access administrative files and folders."
- “The accessed files included some patients’ names, employer-assigned ID numbers, passport numbers, Social Security numbers, financial account information, payment card information, treatment information, diagnosis, treating/referring physicians, medical record number, medical billing/claims information, prescription/medication information, Medicare/Medicaid identification information, health insurance group numbers, health insurance subscriber numbers, patient account numbers, encounter numbers, ill health/retirement information, master patient index, occupational-health related information, other medical benefits and entitlements information, other medical ID numbers, patkeys/reason for absence, sickness certificate, usernames and passwords with PINs or account login information, and medical facilities associated with patient information."
Read More
Hackers had access to OSF Healthcare's IT systems for 6 weeks before outage, Peoria County
Breach Type –
Unknown, Data Breach
Becker Hospital Review
October 5th, 2021
- "Peoria, Ill.-based OSF HealthCare began notifying patients Oct. 1 that their protected health information was exposed for more than six weeks during an attack on its IT systems earlier this year."
- ”OSF HealthCare experienced a computer systems outage from April 23-25, which sent the health system into downtime procedures and protocols for two days"
- ”OSF HealthCare said the outage was the result of a data security incident. After investigating the incident, the health system discovered that an unauthorized party gained access to its systems from March 7 to April 23. As a result, the hacker was able to access certain files belonging to some patients at OSF Little Company of Mary and OSF Saint Paul."
- "Patient information exposed by the incident included names, birthdates, Social Security numbers, treatment details, prescription details and health insurance details. Financial information belonging to a "smaller subset of patients" also was exposed"
Read More
600,000 patients' info exposed in cyberattack on Illinois medical group, DuPage County
Breach Type –
Unknown, Data Breach
Becker Hospital Review
August 31st, 2021
-
"DuPage Medical Group is notifying 600,000 patients that their personal health information was exposed when the Downers Grove, Ill.-based medical group's computer network was hacked in July"
-
"DuPage Medical Group... discovered the unauthorized activity on its computer network July 13. As a result, the group shut down access to its network and medical records for nearly a week."
-
"The hacker had access to DuPage Medical Group's computer network July 12-13 and compromised the following information of the group's patients: names, birthdates, addresses, diagnosis codes, and Social Security numbers for a small number of people, among other details."
-
"No evidence that any information has been subject to actual or attempted misuse as a result of this incident."
Read More
Malware Attack Exposes IL Health Centers' Patient and Staff PHI, Cook County
Breach Type –
Unknown, Malware
Health IT Security
August 6th, 2021
-
“Dynamic Health Care, Inc. (DHC) of Illinois issued a data incident notice on July 16, notifying its patients and staff of “a recent event that may affect the privacy of information of certain nursing care facility patients and employees for whom it provides consulting, administrative, and back-office services,”
-
"DHC found malware on its computer systems on November 8, 2020"
-
“Through this investigation, DHC determined that in connection with the malware event, an unauthorized actor accessed certain systems within its network on or about November 8, 2020.”
-
"The breached data includes patients’ and/or staff members’ names, dates of birth, Social Security numbers, treating nursing care facility names, and may include a resident identification number and dates of admission and/or discharge, the notice states."
- “Following this incident, DHC took immediate steps to improve the security of its environment and increase its security posture. DHC is also implementing additional training and education to its employees to prevent similar future incidents.”
Read More
Lake County Health Department Announces Two Data Breaches Impacting Nearly 25,000 Patients, Lake County
Breach Type –
Unknown, Data Breach
Lake & McHenry Scanner
July 18th, 2021
- "The Lake County Health Department announced two data breaches, one of which occurred in 2019, that compromised the data of almost 25,000 people."
- -"…that the first breach, which was disclosed earlier this month, occurred after an unencrypted email was sent to an internal employee’s personal email address."
- “The spreadsheet consisted of medical records requests from December 2016 to June 2019 made through a third-party vendor who provides release of information services.24,241 people were impacted and the health department mailed them a letter on July 2 notifying them of the breach."
- "The second breach involved an unencrypted Google spreadsheet used by volunteers and staff, The spreadsheet contained names, dates of birth, phone numbers, email addresses and vaccination status of seniors seeking information on the COVID-19 vaccine."
- "705 people were impacted in the second breach and the health department has since notified them via mail about what happened."
- ”The health department determined no one’s personal health information was compromised in the first breach but federal authorities disagreed and said the information could have been compromised."
Read More
Cancer Treatment Centers of America Midwestern Regional Medical Center, Cook County
Breach Type –
Hacking, Data Breach
Becker's Hospital Review
March 25th, 2021
-
Email hack breached 104,808 patients' data
-
Compromised information may include patient names, medical data, and health insurance information
-
The affected email account has been disabled, and CTCA recommends that affected individuals monitor their benefit statements
Read More
Southern Illinois University School of Medicine, Jackson County
Breach Type –
Hacking, Data Breach
Health IT Security
March 11th, 2021
-
Vulnerabilities in Accellion's File Transfer Appliance were exploited by Clop ransomware threat actors
-
Compromised information for SIU School of Medicine patients may include names, dates of birth, SSNs, driver's licenses, treatment plans, and insurance information
-
SIU has terminated use of the FTA and is offering complimentary identity theft protection to those whose SSNs and/or driver's licenses were exposed
Read More
OSF Healthcare System, Peoria County
Breach Type –
Unknown, Data Breach
Data Breaches
October 20th, 2020
-
OSF health care system is forced to Mail letters to patients advising them of Blackbaud attack
-
OSF investigations of Blackbaud database determined that some sensitive patient information was exposed
-
The health system did not notify in a public release how many patients were being contacted
Read More
NorthShore University Health System, Cook County
Breach Type –
Unknown, Data Breach
Chicago Tribune
September 11th, 2020
-
Nearly 348,000 individuals potentially had information leaked
-
Names, birth dates, addresses, and medical information possibly accessed
-
University reported cyberattack to federal health agency
Read More
Northwestern Memorial Health Care, Cook County
Breach Type –
Unknown, Data Breach
Becker's Hospital Review
September 3rd, 2020
-
Northwestern Memorial Health Care was also a victim of large scale Blackbaud breach
-
Blackbaud notified many organizations of exposure that bad actors had gained access between Feb. and May
-
The bad actors were able to access a backup server taking donor and patient information, Blackbaud believes that the information is not being misused
Read More
R1 RCM, Cook County
Breach Type –
Unknown, Ransomware
Krebson Security
August 14th, 2020
-
R1 RCM had rendered servers offline in response to ransomware attack
-
The company has access to may forms of private personal sensitive data
-
It is believed the attack took place a week prior to public statements.
Read More
FHN Memorial Hospital, Stephenson County
Breach Type –
Phishing, Data Breach
Journal Standard
August, 3rd, 2020
-
The hospital notified its patients of bad actors gaining access to employee email accounts potentially exposing patients
-
To assess damages the hospital reviewed all the email attachments to evaluate potentially exposed patient information
-
Information that was accessed includes patients’ names, dates of birth, medical records, and/or Social Security numbers
Read More
Carle Foundation Hospital, Champaign County
Breach Type –
Phishing, Data breach
Security
September 14th, 2019
-
Hospitals in Illinois victim of phishing scam
-
Three hospitals suffered breach of data
-
Unspecified number of patients' information affected
Read More
Center for Vitreo-Retinal Diseases, Lake County
Breach Type - Ransomware
Data Breaches
November 29th, 2018
- Servers impacted by ransomware attack
- Hackers may have viewed private information of patients
- 20,300 patients potentially affected in data breach
Read More
Medspring Urgent Care, Cook County
Breach Type - Phishing, Data Breach
Data Breaches
August 9th, 2018
- Illinois Medspring employee falls victim to phishing scam
- Some patient personal information contained in email account
- 13,000+ patients potentially affected
Read More
BACK TO TOP