TRENDING:

Breach May Affect 4 Million Patients

Computers Stolen from Chicago-Area Medical Group Howard Anderson (ismg_editor) • August 26, 2013    
Breach May Affect 4 Million Patients

The theft of four computers from a Chicago-area physician group practice may have exposed information on more than 4 million patients.

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion

Advocate Medical Group, in a public statement posted on its website, reports that the burglary of four unencrypted computers was discovered on July 15. An investigation confirmed that the computers contained patient information used by Advocate for administrative purposes. While the statement didn't say how many patients were affected, an Advocate spokesman told local news media more than 4 million may have been affected.

Information on the computers may have included names, addresses, dates of birth, Social Security numbers and certain clinical information, such as diagnoses, medical records numbers, medical service codes and health insurance information, according to the statement. Complete medical records were not on the computers.

If the numbers prove accurate, the breach would be the second largest incident reported since the breach notification rule took effect in September 2009 under the HITECH Act, according to the Department of Health and Human Services' breach tally.

The largest incident involving TRICARE, the military health program and its business associate SAIC, affected 4.9 million individuals in 2011.

Advocate is offering free credit monitoring services to those whose information may have been exposed.

So far, the physician group has no evidence that the computers were stolen for the information they contained, according to the statement. The group is working with local law enforcement authorities in an attempt to find the four devices.

In the wake of the incident, Advocate has enhanced security by adding an around-the-clock security presence at the location that was burglarized and evaluating what other facilities may need similar protections, the statement notes. "We have reinforced our security protocols and encryption program with associates," the statement adds.

Previous
Tips for Cryptographic Key Management
Next
Employing Roaming as Backup to Mobile Networks

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Securing the SaaS Layer
Securing the SaaS Layer
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.