Chicago-based South Shore Hospital notified current and former patients about a cybersecurity incident that left 115,670 patients' protected information vulnerable.
On Dec. 10, the hospital was alerted that unauthorized activity was occurring on its network. The hospital activated emergency operating protocols and hired a security team to investigate the matter.
The investigation found the attacker gained access to files that contained patients' and employees' first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare and Medicaid information.
South Shore said it will be implementing additional security controls like enforcing stronger password requirements, enabling multifactor authentication and creating more training surrounding data privacy and security for the hospital's employees.
Those affected by the incident will be provided with a 12-month complimentary membership to IDX's credit and CyberScan monitoring service, a $1 million identity theft reimbursement insurance policy and access to identity theft recovery services if needed.