Up to 1.2 million Cook County Health patients could have had personal information leaked to hackers this year.
Perry Johnson & Associates, a company contracted to provide medical transcription services to the county, said an “unauthorized party” gained access to its network between March 27 and May 2, and obtained files containing personal health information.
In some cases, Social Security numbers, insurance information and clinical information like testing results, medications and health care providers may have been leaked to hackers, the company said.
Other patient information possibly exposed included names, dates of birth, addresses, medical record numbers, hospital account numbers, admission diagnosis and dates of service, according to Perry Johnson & Associates.
The company said it hasn’t found evidence that any identity theft or fraud has been committed using patients’ information.
“We value individuals’ privacy and deeply regret any concern that this incident might cause,” the company said in a statement.
Cook County Health stopped sharing information with Perry Johnson & Associates when it was notified in July of the company’s investigation into the breach, the health department said.
“CCH is committed to upholding our patients’ privacy. We apologize for this incident and will continue to work with our business associates to ensure that data is appropriately protected,” the health department said in a statement.
Patients possibly affected by the breach were notified and provided information about credit report monitoring and identity protection services.
Perry Johnson & Associates said it has bolstered its technical security and continues to review its safeguards “to help prevent something like this happening again.”
Potentially affected patients can call 833-200-3558 for more information.
