
Data of 600,000 possibly compromised in cyberattack at DuPage Medical Group

By John R. Fischer, Senior Reporter | September 02, 2021
A cyberattack at DuPage Medical Group may have compromised the personal information of 600,000 patients
Personal information belonging to 600,000 patients of DuPage Medical Group may have been compromised following a cybersecurity attack on the healthcare provider’s network.

While no evidence suggests actual or attempted misuse, DMG is mailing letters to a broad and inclusive list of individuals directly. Among the possible information affected are names, addresses, dates of birth, diagnosis codes, CPT codes and treatment dates, as well as social security numbers for a smaller subset of patients. Financial account numbers were not impacted, DMG stresses.

The incident is the largest reported cybersecurity incident involving a healthcare entity in Illinois this year, according to the Chicago Tribune.

“The company has implemented additional cybersecurity measures, and as part of DMG’s ongoing commitment to the security of information, is reviewing existing security policies to further protect against future incidents and improve our technology roadmap to better serve patients,” said the provider in a statement.

An independent, multispecialty physician group, DMG has more than 750 physicians and 120 Chicagoland locations. Unauthorized actors accessed its network between July 12 and July 13 and caused a network outage that affected computers and phones for nearly a week, according to the Tribune. Working with third-party cyber-forensic specialists, DMG investigated and determined on August 17 that parts of the network were affected and that certain files with patient information may have been impacted.

The provider is offering free credit monitoring and identity theft protection to those affected and potentially affected by the incident, and has set up a dedicated call center to answer questions. It is encouraging individuals to review account statements and explanation of benefits forms, and to monitor credit reports for suspicious activity.

Just prior to the incident, another took place in Las Vegas, in which the notorious hacker group, REvil, posted on its website images of Nevada driver’s licenses, passports and social security numbers belonging to patients at University Medical Center. The identities of the unauthorized actors at DMG were not revealed.

At least 21 other organizations in Illinois have experienced data breaches of protected health information belonging to 500 or more individuals this year, reports the Tribune. It adds that because more than 500 patients may have been impacted, DMG will have to report the incident to the U.S. Department of Health and Human Services within 60 days of discovering the breach, as well as to a prominent media outlet.

A report by CynergisTek in 2020 found that out of 1,000 hospitals and healthcare systems, only 44% met national standards for cybersecurity and had conformed to protocols outlined by the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF). Scores in some cases dated as far back as 2017.

The COVID-19 pandemic has only furthered these challenges, according to Axel Wirth, chief security strategist for MedCrypt. He says the adoption of telehealth, increase in consumerization, intellectual property protection and greater need for surge preparedness will force providers to rethink how they view and implement cybersecurity protection going forward.

“In order to utilize the promise of IT-enhanced care delivery we will need to recognize the new and increasing cyber risks and will need to develop a proactive approach to address them,” he said.
