Chicago hospital burglary causes data breach
 |
According to a statement published on the facility's website, "at the time of the theft, the devices were undergoing a software upgrade and standard laptop security controls suspended; therefore, leaving personal health information for Northwestern Memorial’s home hospice and former home health patients accessible." That information may include Social Security numbers, names, dates of birth, addresses, patients' medical treatment profiles and payer information.
Letters have been sent to impacted patients or their families notifying them of the breach and the facility continues to work with the Chicago Police Department to identify the thieves and locate the devices. The hospital also is assisting those affected by providing a credit bureau monitoring service to alert them to potential identify theft.
"We regret and apologize for this incident and are taking decisive measures to mitigate the impact and prevent future breaches," the statement read "For example, we are reviewing the procedures that resulted in the process failure and limiting the number of patient records stored on laptop and tablet computers. We appreciate the trust that our patients and their families place in Northwestern Memorial and are committed to resolving this matter and assisting patients who have been affected."
The hospital's statement does not disclose the number of affected patients but providers are required to report the number to the Office of Civil Rights if the breach affects 500 or more individuals.
Beth Walsh,
Editor
Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.