The largest independent physicians group in Illinois is notifying more than 600,000 patients whose information may have been compromised in a recent breach, DuPage Medical Group said in a statement Monday.
Through an investigation, the company determined that a July network outage was caused by unauthorized actors gaining access to its network, the statement says.
Patient information that may have been compromised includes names, addresses, dates of birth and diagnoses, according to the statement. Financial account numbers were not included, but social security numbers for a “small subset of individuals” may have been affected.
DuPage Medical says it's offering free credit monitoring and identify theft protection to those potentially affected by the incident.
Separately, Northwestern Memorial HealthCare reported a breach involving more than 201,000 patients to HHS in June. The health system recently notified patients about the breach involving cloud-based platform Elekta, which stores some oncology patient information.
An unauthorized individual gained access to the third-party's system in April and got a copy of its database, Northwestern said in a statement last week. The information may have included patient names, dates of birth, Social Security numbers, clinical information related to cancer treatment and other information. Financial account and payment card information was not involved. The hospital system says it's offering some individuals access to free credit monitoring and identity theft protection services.
A surge in cyberattacks on healthcare organizations during the COVID-19 pandemic prompted the Cybersecurity & Infrastructure Security Agency, the FBI and the Department of Health & Human Services last October to issue a warning “of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
Meanwhile, Metro Infectious Disease Consultants reported a breach affecting More than 170,000 individuals to HHS on Aug. 16.
The practice recently said in a statement that an unauthorized third party gained access to some employees’ email accounts, which contained personal information like names, addresses, dates of birth, prescription information and social security numbers.
Metro Infectious Disease Consultants is notifying potentially impacted individuals and has arranged for complimentary identity protection and credit monitoring services for those whose social security numbers or driver’s license numbers were impacted.