Data Breach at Illinois Healthcare System

Illinois healthcare system FHN has notified patients of a data breach that took place in February. 

An investigation was launched by the Freeport-based healthcare provider after it transpired that the email accounts of a number of employees had been compromised. 

According to a notice issued by FHN, the alarm was raised when suspicious activity was spotted within the compromised email accounts. FHN responded by securing the accounts and hiring a "leading computer forensic firm" to determine what had occurred. 

The investigation into the incident concluded on April 30 and determined that an unauthorized person accessed the accounts between February 12 and February 13. 

FHN stated: "The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the accounts. Out of an abundance of caution, we reviewed the emails and attachments contained in the email accounts to identify patient information that may have been accessible to the unauthorized person."

After reviewing the emails and attachments that were compromised in the incident, FHN found that sensitive data belonging to some patients had been accessible to the unauthorized third party. 

Information exposed in the data breach included some patients’ names, dates of birth, medical record or patient account numbers, health insurance information, and limited treatment and/or clinical information, such as provider names, diagnoses, and medication information.

In some instances, patients’ health insurance information and/or Social Security numbers were also identified in the compromised email accounts. 

"This incident did not affect all FHN patients, but only those patients whose information was contained in the affected email accounts," stated FHN.

FHN is offering complimentary credit monitoring and identity protection services to those patients whose Social Security numbers and/or drivers’ license numbers were exposed in the incident.

FHN announced on July 31 that patients had been notified of the data breach. The company said it was taking steps to prevent future cyber-incidents. 

"To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment, including enabling multi-factor authentication," stated FHN.

What’s Hot on Infosecurity Magazine?