Carle Health

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Carle Health, a healthcare services company based in Urbana, Illinois, has experienced multiple data breaches over the years, affecting various aspects of its operations and patient information.

2019 Phishing Attack

In September 2019, Carle Foundation Hospital suffered a data breach due to a phishing incident. Unauthorized access was gained to three Carle physician email accounts, leading to the compromise of some patient information. The information potentially accessed included patient names, medical record numbers, dates of birth, and clinical information such as diagnosis and treatment plans. However, patient Social Security numbers and financial information were not contained in the compromised email accounts. This incident specifically affected certain patients who received cardiology or surgery services at Carle. The hospital stated that there was no indication the unauthorized person used or viewed the patient information in any way[1][4][16].

Health Alliance Data Breach

In a separate incident announced in February 2024, Health Alliance, part of Carle Health, filed a notice of a data breach after discovering that a subcontractor of one of its vendors experienced a data breach. This incident resulted in unauthorized access to consumers’ sensitive information, including names, Social Security numbers, addresses, member numbers, dates of birth, and health coverage information. Health Alliance began sending out data breach notification letters to all individuals whose information was affected by this security incident[2].

HealthAlliance Network Disruption

Another related incident occurred in October 2023, when HealthAlliance experienced a network disruption impacting some of the company’s computer systems. An unauthorized party gained access to portions of HealthAlliance’s IT network between August 18, 2023, and October 13, 2023. The compromised information may include names, addresses, dates of birth, Social Security numbers, medical information, health insurance information, and financial information. HealthAlliance sent out data breach letters to affected individuals in December 2023[5].

Vendor Security Breach

Carle Health also made patients aware of a vendor security breach affecting patients of Carle Cancer Institute Normal. This breach is an example of the various challenges healthcare organizations face in securing patient information across their network of vendors and partners[7].

Conclusion

These incidents highlight the ongoing cybersecurity challenges faced by healthcare organizations, including Carle Health. They underscore the importance of robust cybersecurity measures, employee training on phishing awareness, and the need for vigilant monitoring of third-party vendors to protect sensitive patient information.

Citations:

  1. https://www.securitymagazine.com/articles/90921-carle-foundation-hospital-suffers-data-breach-due-to-phishing-attack
  2. https://www.jdsupra.com/legalnews/health-alliance-files-notice-of-third-9082568/
  3. https://www.northwell.edu
  4. https://cyware.com/news/carle-foundation-hospital-hit-with-data-breach-compromising-patient-information-60210b17
  5. https://www.jdsupra.com/legalnews/healthalliance-notifies-264k-patients-1798361/
  6. https://health.mil
  7. https://pantagraph.com/news/local/carle-cancer-institute-normal-informs-patients-of-vendor-security-breach/article_c644524e-a088-578f-bbb9-c208e6417365.html
  8. https://www.wandtv.com/news/confidential-patient-information-breach-at-carle-health-system/article_80127de2-86ed-52b6-a8b8-adbfd61421ef.html
  9. https://healthnewsillinois.com/2018/08/01/unitypoint-health-notifies-illinois-patients-after-security-breach/
  10. https://www.wglt.org/local-news/2023-10-27/advocate-aurora-health-agrees-to-12-million-settlement-over-data-breach
  11. https://www.elsevier.com/solutions/researcher-tools
  12. https://www.beckersasc.com/asc-news/osf-carle-health-accused-of-noncompliance-on-price-transparency-laws.html
  13. https://www.securitymagazine.com/articles/99518-illinois-hospital-attributes-closure-to-ransomware-attack
  14. https://carle.org/home/carle-foundation-hospital-and-affiliate-privacy-no
  15. https://www.databreaches.net/carle-health-system-warns-of-data-breach-due-to-vendor-error/
  16. https://www.spamfighter.com/News-22439-More-than-1650-Patients-of-the-Carle-Foundation-Hospital-got-impacted-by-a-phishing-attack.htm
Breach Submission Date Oct 05, 2023
Converted Entity Name Carle Health
Converted Entity Type Healthcare Provider
State IL
Individuals Affected 679
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes