Breach May Affect 4 Million Patients

Computers Stolen from Chicago-Area Medical Group
Breach May Affect 4 Million Patients

The theft of four computers from a Chicago-area physician group practice may have exposed information on more than 4 million patients.

See Also: Strengthening Defenses with ISO/IEC 27001 Standards: The Frontier of Canadian Cybersecurity

Advocate Medical Group, in a public statement posted on its website, reports that the burglary of four unencrypted computers was discovered on July 15. An investigation confirmed that the computers contained patient information used by Advocate for administrative purposes. While the statement didn't say how many patients were affected, an Advocate spokesman told local news media more than 4 million may have been affected.

Information on the computers may have included names, addresses, dates of birth, Social Security numbers and certain clinical information, such as diagnoses, medical records numbers, medical service codes and health insurance information, according to the statement. Complete medical records were not on the computers.

If the numbers prove accurate, the breach would be the second largest incident reported since the breach notification rule took effect in September 2009 under the HITECH Act, according to the Department of Health and Human Services' breach tally.

The largest incident involving TRICARE, the military health program and its business associate SAIC, affected 4.9 million individuals in 2011.

Advocate is offering free credit monitoring services to those whose information may have been exposed.

So far, the physician group has no evidence that the computers were stolen for the information they contained, according to the statement. The group is working with local law enforcement authorities in an attempt to find the four devices.

In the wake of the incident, Advocate has enhanced security by adding an around-the-clock security presence at the location that was burglarized and evaluating what other facilities may need similar protections, the statement notes. "We have reinforced our security protocols and encryption program with associates," the statement adds.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.