An unauthorized third party accessed a limited number of email accounts between July 21 and July 28 belonging to MCW employees, compromising patients protected health information. Patients’ names, home addresses, dates of birth, medical record numbers, health insurance information, dates of service, surgical information, diagnosis and condition and treatment information were contained in the email accounts. Social Security numbers and bank account information for a small number of patients were also affected.
After discovering the incident, the hospital disabled the accounts and mandated password changes to those compromised. MCW completed an investigation Sept. 20, but to this date, is not aware of any reports of identity fraud, theft or improper use of the information.
MCW is advising affected patients on best practices to protect their information, including reviewing statements they receive from health insurance providers. It is offering credit monitoring and identity theft restoration services to those whose Social Security numbers were potentially exposed.
More articles on cybersecurity:
Alleged incident at Experian Health exposes at least 700 Cook County Health and Hospitals System patients’ information
8 cybersecurity predictions for 2018
7 cybersecurity trends from 2017
