[BreachExchange] DuPage Medical Group reports data breach

[Sophia Kingsbury]

https://www.chicagobusiness.com/health-care/dupage-medical-group-reports-data-breach

The largest independent physicians group in Illinois is notifying more than
600,000 patients whose information may have been compromised in a recent
breach, DuPage Medical Group said in a statement today.

Through an investigation, the company determined that a July network outage
was caused by unauthorized actors gaining access to its network, the
statement says.

Patient information that may have been compromised includes names,
addresses, dates of birth and diagnoses, according to the statement.
Financial account numbers were not included, but social security numbers
for a “small subset of individuals” may have been affected.

DuPage Medical says it's offering free credit monitoring and identity theft
protection to those potentially affected by the incident.

Separately, Northwestern Memorial HealthCare reported a breach involving
more than 201,000 patients to HHS in June. The health system recently
notified patients about the breach involving cloud-based platform Elekta,
which stores some oncology patient information.

An unauthorized individual gained access to the third-party's system in
April and got a copy of its database, Northwestern said in a statement last
week. The information may have included patient names, dates of birth,
Social Security numbers, clinical information related to cancer treatment
and other information. Financial account and payment card information was
not involved. The hospital system says it's offering some individuals
access to free credit monitoring and identity theft protection services.

A surge in cyberattacks on health care organizations during the COVID-19
pandemic prompted the Cybersecurity & Infrastructure Security Agency, the
FBI and the Department of Health & Human Services last October to issue a
warning “of an increased and imminent cybercrime threat to U.S. hospitals
and health care providers.”

Meanwhile, Metro Infectious Disease Consultants reported a breach affecting
More than 170,000 individuals to the Department of Health & Human Services
on Aug. 16.

The practice recently said in a statement that an unauthorized third party
gained access to some employees’ email accounts, which contained personal
information like names, addresses, dates of birth, prescription information
and social security numbers.

Metro Infectious Disease Consultants is notifying potentially impacted
individuals and has arranged for complimentary identity protection and
credit monitoring services for those whose social security numbers or
driver’s license numbers were impacted.

The Chicago Tribune first reported the DuPage Medical breach earlier today.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210831/81fdd4eb/attachment.html>