Lurie Children’s Surgical Foundation

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Lurie Children’s Surgical Foundation in Illinois involved unauthorized access to the personal data of nearly 2,000 patients. This incident occurred earlier in the year and was the result of a security breach at NextGen, a third-party company that provides electronic health billing software for the medical group[3].

The data compromised included names, dates of birth, addresses, and social security numbers. However, there is no evidence that health or medical records were accessed or impacted[3]. NextGen alerted the affected individuals on April 28 and offered two years of free identity monitoring, fraud consultation, and identity theft restoration services through Experian[3].

NextGen was alerted to unusual login and account activity on March 30 and April 14, prompting an investigation and measures to reinforce the security of its systems. Law enforcement was also contacted[3]. The breach is significant as it impacts a hospital that treats a large number of children insured by Medicaid, indicating an economic hardship for many of the affected families[2].

Lurie Children’s Hospital stated that their systems were not impacted by the breach, emphasizing that it was a third-party security issue[3]. The hospital is one of the largest pediatric providers in the Chicago area, and the Lurie Children’s Surgical Foundation is a medical group associated with the hospital[3].

Citations:

  1. https://www.luriechildrens.org/en/third-party-security-incident/
  2. https://www.wired.com/story/cybersecurity-marginalized-communities-problem/
  3. https://news.wttw.com/2023/08/09/personal-data-nearly-2000-lurie-children-s-hospital-patients-involved-third-party
  4. https://www.nm.org
  5. https://www.chicagobusiness.com/health-care/data-breach-lurie-childrens-hospital-patients
  6. https://www.stanfordchildrens.org
  7. https://consent.yahoo.com/v2/collectConsent
  8. https://www.ctinsider.com
  9. https://thebrunswicknews.com/news/national_news/lurie-children-s-hospital-patients-targeted-in-nonprofit-s-data-breach/article_121295a9-b098-5ccc-8d13-48fe631cc500.html
  10. https://www.torrancememorial.org
  11. https://www.wjol.com/data-breach-targets-lurie-childrens-hospital-patients/
  12. https://www.stopthebleed.org
  13. https://topclassactions.com/lawsuit-settlements/closed-settlements/lurie-childrens-hospital-data-breaches-class-action-settlement/
  14. https://www.osfcareers.org
  15. https://deal.town/chicago-tribune/lurie-childrens-hospital-patients-targeted-in-data-breach-PKC3VDZ59L
  16. https://www.essence.com/health-and-wellness/health-matters-prostate-cancer/
Breach Submission Date Aug 08, 2023
Converted Entity Name Lurie Children’s Surgical Foundation
Converted Entity Type Healthcare Provider
State IL
Individuals Affected 1,997
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes