PHI Breach Affects 600,000 DuPage Medical Group Patients

DuPage Medical Group, the biggest independent physician group based in the Illinois state, has begun informing around 600,000 patients regarding a security breach whereby their personal data and protected health information (PHI) were potentially exposed.

DuPage Medical Group discovered suspicious stuff in its computer system on July 13, 2021 and involved cyber forensic experts to carry out an investigation to find out the complete nature and extent of the breach. They established that unauthorized actors got access to its IT networks on July 12 and had continued access possibly right up until the breach was discovered on July 13 and its system was made secure.

A thorough analysis was done of all data on the networks that the hackers accessed and, on August 17, 2021, DuPage Medical Group affirmed that files including patient data were potentially affected.

The types of data possibly exposed in the security breach were different from one patient to another and might have involved these data elements: Names, birth dates, address­es, diag­no­sis codes, Cur­rent Pro­ce­dur­al Ter­mi­nol­o­gy (CPT) codes, and dates of treat­ment. The Social Security numbers of some patients were also affected, however, no financial data was compromised.

DuPage Medical Group stated the forensic investigators did not find any proof that indicates the actual or attempted misuse of any information kept on the impacted systems due to the security breach. Nevertheless, as a safety measure against identity theft and fraud, free credit monitoring and identity theft protection services are provided to all persons impacted by the incident.

There is no disclosure about the specific nature of the cyberattack thus it is uncertain if the attackers tried to use ransomware. DuPage Med­ical Group stated the security incident prompted an interruption to network systems and caused a “network outage.”

The current security measures of DuPage Medical Group were reviewed and extra cybersecurity protections are being implemented to minimize the threat of more cyberattacks. It will also make improvements to each element of its tech­nol­o­gy roadmap to provide bet­ter service to patients.