Illinois-based Cook County Health and Hospitals System, a health system comprising two hospitals and more than a dozen community health centers in Cook County, has advised its patients of a possible breach of their protected health information.
The breach was experienced at the offices of Experian Health, a business associate of Cook County Health and Hospitals System. Experian Health is utilized to determine insurance eligibility and limited patient information is given to the business associate for this purpose.
The breach was suffered in March 2017 while an upgrade of Experian Health’s computer system was being carried out.An error resulted in the protected health information of 727 patients being sent to other healthcare systems by mistake. The PHI disclosed was limited and did not incorporate the sort information sought by cybercriminals to commit identity theft.
As the PHI was limited disclosure, and due to the fact that the information was sent to organizations covered by HIPAA Rules, the risk to patients is thought to be minimal. Up to now, Experian Health has not been warned of any unauthorized uses of the disclosed information. The breach was restricted to just patients’ names, medical record numbers, dates of birth, and account numbers.
After identifying the breach, Experian Health took steps to recover and secure the disclosed information and steps have been taken to prevent incidents of this type from exposing the PHI of patients in the future. Cook County Health and Hospitals System also looked into the breach and is happy with the actions taken by Experian Health to prevent similar breaches from occurring going forward.
Cook County Health and Hospitals System was made aware of the breach on August 1, 2017 and a substitute breach notice was made public on the health system’s website on October 2, 2017. All patients impacted by the breach have now been notified by mail and an official breach report has been sent to the Department of Health and Human Services’ Office for Civil Rights.