In April 2023, a data breach occurred, exposing the personal information of 1.2 million patients in the Cook County Health and Hospital System. The breach was attributed to an unauthorized individual who accessed the systems of a third-party provider, Perry Johnson and Associates Inc., which offered medical transcription services.
Cook County Health became aware of the data security incident in July when PJ&A reported it, prompting an investigation. Patient data, including dates of birth, addresses, medical records, and medical information, was compromised, and around 2,600 records may have included Social Security numbers.
As a response to the breach, Cook County Health immediately terminated its relationship with the third-party provider and ceased sharing data with them. Impacted patients are set to receive notifications by mail, beginning next week, containing information about the incident and guidance on safeguarding their data. The health agency is also offering affected individuals assistance with monitoring their credit reports and freezing them if necessary.
While there is no current evidence of personal information misuse, Cook County Health advises patients to stay vigilant and monitor their medical bills for any suspicious activities.
This data breach highlights the significance of protecting patient data and the potential risks associated with third-party providers in the healthcare sector. Cook County Health’s proactive measures in response to the incident demonstrate their commitment to ensuring patient data security and privacy. Patients are encouraged to take advantage of the support offered to safeguard their personal information.