The largest independent physicians group in Illinois is notifying more than 600,000 patients whose information may have been compromised in a recent breach, DuPage Medical Group said in a statement today.
Through an investigation, the company determined that a July network outage was caused by unauthorized actors gaining access to its network, the statement says.
Patient information that may have been compromised includes names, addresses, dates of birth and diagnoses, according to the statement. Financial account numbers were not included, but social security numbers for a “small subset of individuals” may have been affected.
DuPage Medical says it’s offering free credit monitoring and identify theft protection to those potentially affected by the incident.
The Chicago Tribune first reported the breach earlier today.
A surge in cyberattacks on health care organizations during the COVID-19 pandemic prompted the Cybersecurity & Infrastructure Security Agency, the FBI and the Department of Health & Human Services last October to issue a warning “of an increased and imminent cybercrime threat to U.S. hospitals and health care providers.”
Meanwhile, Metro Infectious Disease Consultants reported a breach affecting More than 170,000 individuals to the Department of Health & Human Services on Aug. 16.
The practice recently said in a statement that an unauthorized third party gained access to some employees’ email accounts, which contained personal information like names, addresses, dates of birth, prescription information and social security numbers.
Metro Infectious Disease Consultants is notifying potentially impacted individuals and has arranged for complimentary identity protection and credit monitoring services for those whose social security numbers or driver’s license numbers were impacted.