The Illinois Bone & Joint Institute (IJBI), which operates more than 100 clinics in the Chicagoland area, detected unauthorized access to its computer systems on July 4, 2024. Hackers gained access to the network on May 30, 2024, and remained within the system until July 4, when they were ejected. Despite the security breach, IJBI’s facilities remained open throughout the incident, ensuring that care was continuously provided to patients without disruption.
A forensic investigation into the breach revealed that files containing sensitive information were copied from IJBI’s network. The compromised data included personal information for both patients and their dependents, such as names, addresses, dates of birth, Social Security numbers, diagnosis and treatment details, as well as health insurance and claims information. While the data was copied, IJBI emphasized that no evidence has been found indicating misuse of the stolen information.
In response to the breach, IJBI has offered complimentary credit monitoring services to all individuals whose Social Security numbers were included in the compromised data. This service is intended to help those affected monitor for any potential misuse of their personal information. The breach has been reported to the U.S. Department of Health and Human Services’ Office for Civil Rights, which confirmed that the personal data of 182,670 individuals was impacted.
To prevent future incidents of this nature, IJBI has implemented several security measures aimed at strengthening its technical controls. These measures are part of the organization’s ongoing efforts to safeguard patient information and ensure the highest levels of data security. While no misuse of the data has been identified, IJBI continues to closely monitor the situation and remains committed to protecting the privacy of its patients.
Reference:
