This week, DuPage Medical Group disclosed that it had identified and tackled a data security incident following a cyberattack that occurred in July.

The healthcare provider is currently informing 600,000 patients that their sensitive information such as names, addresses, dates of birth, treatment dates may have been exposed.

DuPage Medical Group Suffered a Cyberattack Back in July

According to the organization’s press release, between July 12 and July 13, DuPage Medical Group’s network has been accessed by “unauthorized actors” causing disruption to its network systems that lasted almost a week.

DuPage Medical Group became aware of the incident when its patients reported that they were having trouble calling doctors’ offices and accessing online computer medical records.

DMG immediately hired third-party cyber-forensic experts to help with the investigation and establish the full nature and extent of the attack.

What Did The Investigation Reveal?

The investigation showed that some documents containing patient-sensitive data may have been compromised following the cyberattack.

The exposed data allegedly included names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures, treatment dates, and even Social Security numbers for some of the patients.

According to the healthcare provider, there is no evidence of any patient’s confidential information being misused as a result of the data breach.

We take this incident seriously, and as an added precaution, DMG is offering credit monitoring and identify theft protection at no cost for those individuals affected and potentially affected by this incident.


People can also call 1-800-709-2027 between the hours of 8 a.m. and 8 p.m., Monday through Friday, or visit for additional information.

Steve Nelson, CEO of DuPage Medical Group assured patients that his team is constantly working to provide the best services, despite challenges related to cybercrime groups that have no respect for other people’s health.

The release noted that DuPage Medical Group has implemented additional cybersecurity measures and is reviewing existing security policies to further protect against future attacks.

Within 3 months, all the impacted organizations have to disclose data breaches of protected health information that involves over 500 individuals to the U.S. Department of Health and Human Services. They are also required to inform all the potential victims.

Medical Records of 12,000 Revere Health Patients Exposed in Phishing Attack

Healthcare Organizations Are the New Targets of Ransomware Attacks

How Every Cyber Attack Works – A Full List

Exposed: the 6 Need-to-Know Attributes of Advanced Cyber Attacks

Leave a Reply

Your email address will not be published. Required fields are marked *