Chicago-based Midwest Orthopaedics at Rush has notified more than 1,200 patients their personal and health information may have been compromised in February when an unknown person accessed a physician's Gmail account.
By infiltrating the physician's email account, the unknown person had access to 1,256 patients' names, dates of birth and surgery dates and descriptions, according to a Chicago Tribune report.
The data breach was discovered Feb. 10, and since learning of the breach, Midwest Orthopaedics has eliminated the use of outside physician email accounts within its domain. Midwest Orthopaedics is also conducting annual training for employees on how to secure patients medical information, according to the report.
Law enforcement has not been notified of the data breach, but the physicians' group did notify HHS of the breach, according to the report.
More Articles on Data Breaches:
Data Breach at La Palma Intercommunity Hospital
GAO: Federal Agencies Need to Enhance Responses to Data Breaches
Michigan Long Term Care Security Breach Affects 2,595 Patients