Cedar Rapids, Iowa-based Mercy Medical Center's patient information has been compromised as its former medical transcription service, Perry Johnson & Associates, experienced a cybersecurity incident.
An unauthorized party accessed PJA's systems, and on Oct. 5 the company learned that the systems contained information from Mercy. PJA informed Mercy Medical Center on Oct. 10, at which time the hospital conducted its own investigation and began notifying the affected patients.
PJA reported that the incident may have exposed details, such as patient names, dates of birth, addresses, Social Security numbers, medical record numbers, patient account numbers, and dates of admission, discharge and exam, according to a breach notification from Mercy.
Mercy Medical Center has since sent letters to potentially affected patients, notifying them of the incident and providing guidance on safeguarding against potential misuse of their information.
Chicago-based Cook County Health was another healthcare organization that had patient information compromised as a result of the vendor's breach.