A hacker gained access to patient files at the University of Chicago Medicine’s physicians group, putting more than 1,300 people at risk for identity theft in what is the second improper release of health care information for city residents in two months.
The breach of information occurred within the network of Tinley-Park based ICS Collection Service Inc., a collection agency that was once retained by U of C for address verification and to help secure payment on past-due accounts, according to a news release from the medical center.
ICS recently notified U of C of the incident, which took place in July, stating that a website user viewed “protected health information” about 1,344 patients, including names, addresses, Social Security numbers, dates of birth, insurance policy numbers and payments, procedure codes, and physician names, according to a release from ICS.
ICS said it is unaware of any attempted or actual misuse of the data, but is offering free credit monitoring and identity theft consultation services for one year to those affected.
“While this potential breach of information occurred at a former third-party service provider, the Medical Center is committed to the confidentiality and security of patients’ protected health information and demands this same level of commitment from its business associates and vendors,” U of C said in the release.
In August, officials at Advocate Medical Group said computers were stolen containing patient information for roughly four million people who used Advocate Medical Groups doctors or services dating back to the 1990s.
The computers, inside a nondescript building in Park Ridge, northwest of Chicago, were stolen July 15, company officials said.
The computers didn't contain medical records but did hold patient information, including names, addresses, dates of birth, Social Security numbers and some clinical information such as treating physicians and department, diagnoses, medical record numbers, medical service codes and health insurance data, the company said in a release.
"Our number one focus right now are these patients," said Kelly Jo Golson, a company spokeswoman. "There's been no indication that this information was targeted, that these computers were targeted, no indication that this information has been used inappropriately."
The company said 24 hour security has since been placed at the building where the computers were stolen.
The medical group is the area's largest, with more than 1,100 physicians in more than 200 locations, including hospitals such as Advocate Christ Hospital in Oak Lawn and Advocate Lutheran General Hospital in Park Ridge. The company said only patients of Advocate Medical Group were affected.