DuPage Medical Group hit with data breach that may affect 600,000 patients

Cyberattack fears are slowing digital transformation efforts among Asia's FSIs (Image welcomia / StockPhoto)
DuPage Medical Group experienced a cyberattack mid-July, causing a network outage and patients' information to be breached. (welcomia/StockPhoto)(welcomia / StockPhoto)

DuPage Medical Group experienced a security breach that reportedly may affect 600,000 patients, the group announced Aug. 30. Now, the medical group, Illinois' largest independent physician group, is mailing letters to notify patients of the cyberattack.

The unauthorized use occurred between July 12-13 and caused a network outage. On Aug. 17, after an investigation by cyber forensic specialists, the medical group determined patient information may have been reached by “unauthorized actors.”

The Downers Grove-based medical group has over 700 physicians in more than 100 locations.

RELATED: Memorial Health cancels surgeries, reverts to paper records as it responds to cyberattack

The security attack may involve patients’ personal information such as names, addresses, dates of birth, diagnosis codes and treatment dates. For a “small subset of individuals,” Social Security numbers may have been accessed, the medical group said.

To date, DMG has no evi­dence that any infor­ma­tion has been sub­ject to actu­al or attempt­ed mis­use as a result of this inci­dent, according to the statement.

A spokesperson for the medical group said the organization is notifying 600,000 patients that their personal information may have been compromised. It's the largest reported health-related cybersecurity incident in Illinois so far this year.

RELATED: Before attacking IT systems, hackers stole information from 147K patients, Scripps Health says

DMG said there is no evidence the information has been used by the attackers. But the group is offering credit monitoring and identity theft protection at no cost to those who may have been affected, and additional security measures have been implemented. A call center is being offered from 8 a.m. to 8 p.m. Monday through Friday at 800-709-2027.

According to the medical group’s statement, the security incident did not impact financial account numbers.

Healthcare organizations have been plagued by an uptick in cyberattacks in the past year as cybercriminals take advantage of the COVID-19 pandemic and disrupt operations at hospitals across the country. About 70% of 168 health care cybersecurity professionals surveyed in the U.S. reported having a “significant security incident” in the last 12 months, according to a survey from the Healthcare Information and Management Systems Society (HIMSS) last year.