Aspirus, OSF Healthcare join providers affected by Med-Data breach

Aspirus and OSF Healthcare have joined Memorial Hermann Health System and University of Chicago Medicine in notifying their patients of a 2019 data breach in which a former employee at revenue cycle management vendor Med-Data uploaded patients’ personal information.

Advertisement
Katie Adams

Four details:

  1. Med-Data discovered the breach in December and notified providers whose patients’ data was affected Feb. 8. 
  2. An internal investigation found that a former Med-Data employee saved client files to personal folders created on a public-facing website sometime during or before September 2019. The files uploaded to the website contained patients’ names and in some cases birth dates, Social Security numbers, addresses and healthcare data. Med-Data said it removed the files Dec. 17, 2020.
  3. Patient information was breached from Houston-based Memorial Hermann Health System; University of Chicago Medicine; Wausau, Wis.-based Aspirus; and Peoria, Ill.-based OSF Healthcare. Affected patients from all four health systems have been notified of the data breach.
  4. University of Chicago Medicine said almost 900 of its patients may have been affected by the security breach.
  5. Med-Data did not say whether it would press charges against the former employee who uploaded the information. The company is offering affected individuals a free year of credit monitoring and identity theft protection services. 

More articles on cybersecurity: 
Healthcare workers have access to 31K sensitive files + 6 other report findings
Does a vaccine passport violate HIPAA? Experts weigh in
More than 1 million affected by data breaches in March

Cybersecurity: Safeguarding employees in the age of scams

Recommended Live Webinar on Jun 25, 2025 11:00 AM - 12:00 PM CDT

Advertisement

Next Up in Cybersecurity

Advertisement

Comments are closed.