This week, DuPage Medical Group disclosed that it had identified and tackled a data security incident following a cyberattack that occurred in July.
The healthcare provider is currently informing 600,000 patients that their sensitive information such as names, addresses, dates of birth, treatment dates may have been exposed.
DuPage Medical Group Suffered a Cyberattack Back in July
According to the organization’s press release, between July 12 and July 13, DuPage Medical Group’s network has been accessed by “unauthorized actors” causing disruption to its network systems that lasted almost a week.
DuPage Medical Group became aware of the incident when its patients reported that they were having trouble calling doctors’ offices and accessing online computer medical records.
DMG immediately hired third-party cyber-forensic experts to help with the investigation and establish the full nature and extent of the attack.
What Did The Investigation Reveal?
The investigation showed that some documents containing patient-sensitive data may have been compromised following the cyberattack.
The exposed data allegedly included names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures, treatment dates, and even Social Security numbers for some of the patients.
According to the healthcare provider, there is no evidence of any patient’s confidential information being misused as a result of the data breach.
We take this incident seriously, and as an added precaution, DMG is offering credit monitoring and identify theft protection at no cost for those individuals affected and potentially affected by this incident.
People can also call 1-800-709-2027 between the hours of 8 a.m. and 8 p.m., Monday through Friday, or visit www.dupagemedicalgroup.com for additional information.
Steve Nelson, CEO of DuPage Medical Group assured patients that his team is constantly working to provide the best services, despite challenges related to cybercrime groups that have no respect for other people’s health.
The release noted that DuPage Medical Group has implemented additional cybersecurity measures and is reviewing existing security policies to further protect against future attacks.
Within 3 months, all the impacted organizations have to disclose data breaches of protected health information that involves over 500 individuals to the U.S. Department of Health and Human Services. They are also required to inform all the potential victims.