Carle Health
Your Personal Info Could Be Exposed Online After This Hospital Breach
Breach Description
Carle Health, a healthcare services company based in Urbana, Illinois, has experienced multiple data breaches over the years, affecting various aspects of its operations and patient information.
2019 Phishing Attack
In September 2019, Carle Foundation Hospital suffered a data breach due to a phishing incident. Unauthorized access was gained to three Carle physician email accounts, leading to the compromise of some patient information. The information potentially accessed included patient names, medical record numbers, dates of birth, and clinical information such as diagnosis and treatment plans. However, patient Social Security numbers and financial information were not contained in the compromised email accounts. This incident specifically affected certain patients who received cardiology or surgery services at Carle. The hospital stated that there was no indication the unauthorized person used or viewed the patient information in any way[1][4][16].
Health Alliance Data Breach
In a separate incident announced in February 2024, Health Alliance, part of Carle Health, filed a notice of a data breach after discovering that a subcontractor of one of its vendors experienced a data breach. This incident resulted in unauthorized access to consumers’ sensitive information, including names, Social Security numbers, addresses, member numbers, dates of birth, and health coverage information. Health Alliance began sending out data breach notification letters to all individuals whose information was affected by this security incident[2].
HealthAlliance Network Disruption
Another related incident occurred in October 2023, when HealthAlliance experienced a network disruption impacting some of the company’s computer systems. An unauthorized party gained access to portions of HealthAlliance’s IT network between August 18, 2023, and October 13, 2023. The compromised information may include names, addresses, dates of birth, Social Security numbers, medical information, health insurance information, and financial information. HealthAlliance sent out data breach letters to affected individuals in December 2023[5].
Vendor Security Breach
Carle Health also made patients aware of a vendor security breach affecting patients of Carle Cancer Institute Normal. This breach is an example of the various challenges healthcare organizations face in securing patient information across their network of vendors and partners[7].
Conclusion
These incidents highlight the ongoing cybersecurity challenges faced by healthcare organizations, including Carle Health. They underscore the importance of robust cybersecurity measures, employee training on phishing awareness, and the need for vigilant monitoring of third-party vendors to protect sensitive patient information.
Citations:
1. https://www.securitymagazine.com/articles/90921-carle-foundation-hospital-suffers-data-breach-due-to-phishing-attack
2. https://www.jdsupra.com/legalnews/health-alliance-files-notice-of-third-9082568/
3. https://www.northwell.edu
4. https://cyware.com/news/carle-foundation-hospital-hit-with-data-breach-compromising-patient-information-60210b17
5. https://www.jdsupra.com/legalnews/healthalliance-notifies-264k-patients-1798361/
6. https://health.mil
7. https://pantagraph.com/news/local/carle-cancer-institute-normal-informs-patients-of-vendor-security-breach/article_c644524e-a088-578f-bbb9-c208e6417365.html
8. https://www.wandtv.com/news/confidential-patient-information-breach-at-carle-health-system/article_80127de2-86ed-52b6-a8b8-adbfd61421ef.html
9. https://healthnewsillinois.com/2018/08/01/unitypoint-health-notifies-illinois-patients-after-security-breach/
10. https://www.wglt.org/local-news/2023-10-27/advocate-aurora-health-agrees-to-12-million-settlement-over-data-breach
11. https://www.elsevier.com/solutions/researcher-tools
12. https://www.beckersasc.com/asc-news/osf-carle-health-accused-of-noncompliance-on-price-transparency-laws.html
13. https://www.securitymagazine.com/articles/99518-illinois-hospital-attributes-closure-to-ransomware-attack
14. https://carle.org/home/carle-foundation-hospital-and-affiliate-privacy-no
15. https://www.databreaches.net/carle-health-system-warns-of-data-breach-due-to-vendor-error/
16. https://www.spamfighter.com/News-22439-More-than-1650-Patients-of-the-Carle-Foundation-Hospital-got-impacted-by-a-phishing-attack.htm