Cook County Health and Hospitals System
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Cook County Health (CCH) experienced a data breach due to a cyberattack on Perry Johnson & Associates, Inc. (PJ&A), an external vendor that previously provided medical transcription services for CCH. The breach was first detected by PJ&A, who informed CCH on July 21, 2023, that they were investigating a cyberattack. It was confirmed on July 26, 2023, that an unauthorized individual accessed PJ&A systems where CCH patient data was stored between March 27 and May 2, 2023[1][2][3][4][6][7][12][13][15][16][20][22].
The breach potentially exposed the personal information of approximately 1.2 million CCH patients. The compromised data included names, dates of birth, addresses, medical record numbers, encounter numbers, medical information, dates/times of service, and for about 2,600 patients, Social Security numbers[1][2][3][4][6][7][12][13][15][16][20][22]. PJ&A has stated that no credit card numbers, bank accounts, or usernames and passwords were accessed[13].
Upon learning of the incident, CCH ceased data sharing with PJ&A and terminated their relationship. CCH has been notifying affected patients and providing them with information on how to protect their data, including credit monitoring and identity protection services[1][2][3][4][6][7][12][13][15][16][20][22]. As of the knowledge cutoff date, there was no evidence that the exposed information had been misused for fraud or identity theft[4][15].
The breach has been reported to the HHS’ Office for Civil Rights as affecting at least 500 individuals, which is a requirement for breaches of this size[2][12]. PJ&A has been working with the FBI and external cybersecurity experts to investigate and contain the incident[1][2]. They have also implemented additional technical security measures to prevent future breaches[3].
Patients who may have been affected by the breach can call (888) 867-3881 for more information[1][6].
Citations:
- https://cookcountyhealth.org/compliance-notice/
- https://www.hipaajournal.com/cook-county-health-cyberattack-medical-transcription-firm/
- https://www.paubox.com/news/over-1-million-illinois-residents-face-data-breach
- https://www.chicagotribune.com/2023/11/04/after-major-data-breach-personal-information-of-12-million-cook-county-health-patients-at-risk/
- https://en.wikipedia.org/wiki/Chicago
- https://www.cbsnews.com/chicago/news/cook-county-health-warns-of-data-breach-for-1-2-million-patients-at-medical-transportation-firm/
- https://healthitsecurity.com/news/medical-transcription-service-data-breach-impacts-multiple-health-systems
- https://iic.ccsheriff.org
- https://www.nbcchicago.com/news/local/cook-county-health-data-breach-could-mean-blackmail-fake-medical-bills-and-years-of-headache-for-patients/3283438/
- https://www.idstrong.com/sentinel/another-medical-information-breach-out-of-chicago/
- https://www.databreachtoday.com
- https://www.hipaajournal.com/cook-county-health-1-2-million-breach-business-associate/
- https://www.bankinfosecurity.com/medical-transcription-hack-affects-12-million-chicagoans-a-23555
- https://www.cbsnews.com/?ftag=CNM-16-10abc6g
- https://www.nbcchicago.com/news/local/cook-county-health-data-breach-exposes-personal-information-of-1-2m-patients/3269006/
- https://abc7chicago.com/cook-county-health-data-breach-medical-information-personal-stolen/14009331/
- https://www.northwell.edu
- https://cookcountyhealth.org/top_stories/privacy-breach-public-notice/
- https://abcnews.go.com
- https://wgntv.com/news/cook-county/1-2m-patients-impacted-after-cook-county-health-data-breach/
- https://www.wkrg.com/mobile-county/davidson-high-school-principal-placed-on-administrative-leave/
- https://chicago.suntimes.com/news/2023/11/7/23950691/data-breach-potentially-affected-up-to-1-2-million-cook-county-health-patients
- https://www.cnn.com