In November, the health system sent a limited amount of information about patients who were part of the #keepingitLITE study to a third party who was instructed to mail patients study materials. The information sent to the third party included names, addresses and emails.
Cook County Health said that no health or other information such as dates of birth, Social Security numbers or health information was shared with the third party. The health system also said there is no evidence that patient information has been misused.
In an email to Becker’s Hospital Review, a Cook County Health spokesperson said that the health system now has a business associate agreement in place with the third-party vendor.
“Cook County Health takes privacy and security of our patients’ personal information very seriously and regrets that this incident happened. We have taken corrective action to continue to ensure the privacy and security of our patients,” the health system said in a statement.
More articles on cybersecurity:
Health systems should update computer systems in wake of Iran tensions, H-ISAC says
3 cybersecurity predictions for 2020
Former NYC hospital employee pleads guilty to hacking coworkers’ emails