Illinois health system alerts 2,700 patients of security incident with third party vendor

Cook County (Ill.) Health began notifying 2,713 patients Jan. 24 that their personal information may have been sent to a third-party vendor who did not have a business agreement with the health system at the time.

In November, the health system sent a limited amount of information about patients who were part of the #keepingitLITE study to a third party who was instructed to mail patients study materials. The information sent to the third party included names, addresses and emails.

Cook County Health said that no health or other information such as dates of birth, Social Security numbers or health information was shared with the third party. The health system also said there is no evidence that patient information has been misused.

In an email to Becker's Hospital Review, a Cook County Health spokesperson said that the health system now has a business associate agreement in place with the third-party vendor.

"Cook County Health takes privacy and security of our patients' personal information very seriously and regrets that this incident happened. We have taken corrective action to continue to ensure the privacy and security of our patients," the health system said in a statement.

More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers' emails

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Webinars

Featured Whitepapers