The DuPage Medical Group (DMG) announced on Monday, Aug. 30 that it has identified and addressed a data security incident, and is now notifying patients whose information may have been involved.
On July 13, DMG experienced a security incident that caused a disruption to its network systems. DMG immediately began working with third-party cyber-forensic specialists to assist in the investigation to determine the full nature and scope of the incident.
Through the investigation, it was determined that the network outage was caused by unauthorized actors who gained access to the DMG network, between July 12 and July 13. With the assistance of the forensic specialists, DMG conducted a thorough and time-consuming review of its systems to understand whether any patient information may have been impacted as a result of this event.
On Aug. 17, DMG determined that certain files stored within its environment that contained patient information may have been impacted by this incident.
DMG is in the process of mailing letters to a broad and inclusive list of individuals directly whose information may be involved in this incident. The personal information potentially affected by this included names, addresses, dates of birth, diagnosis codes, CPT codes (Current Procedural Terminology, also known as service codes, are a universal system that identifies medical procedures), and treatment dates.
For a small subset of individuals, Social Security numbers may also have been affected. To date, DMG has no evidence that any information has been subject to actual or attempted misuse as a result of this incident. This event did not impact financial account numbers.
While the investigation determined that only certain portions of the network were impacted by this event, DMG conducted an extensive and thorough investigation and could not rule out the possibility that files containing patients’ information may have been impacted by this event. The company has implemented additional cybersecurity for healthcare and as part of DMG’s ongoing commitment to the security of information, is reviewing existing security policies to further protect against future incidents and improve its technology roadmap to better serve patients.
DMG said it takes this incident seriously, and as an added precaution, it is offering credit monitoring and identify theft protection at no cost for those individuals affected and potentially affected by this incident. A dedicated call center has been established to help address questions. Additional information is available by calling the toll-free incident response line at 1−800−709−2027 between the hours of 8 a.m. and 8 p.m. Monday through Friday, or by visiting www.dupagemedicalgroup.com.