CHI Health is notifying patients that a “cyber security event” has occurred at one of its providers that may have exposed some patients’ protected health information.
The data used includes names, social security numbers, medical codes, addresses, phone numbers, email addresses, dates of birth, and gender.
The provider, MCG Health LLC, determined on March 25 that an unauthorized party had previously obtained personal information matching data stored on MCG’s systems, CHI Health said in a press release.
MCG, a Seattle-based technology company, provides patient care advice to healthcare providers and insurance plans in the United States, including CHI Health.
On April 22, the company notified CHI Health officials that data from some of its patients may have been involved. CHI Health officials said in a statement that they initially hoped their patient information was not available or disclosed. However, on May 11, the health system determined that “there is a possibility that the protected health information of some of our patients may have been compromised.”
People also read…
There was no information on how many patients with HHI could be affected. A CHI Health spokesperson referred questions to the MCG, who could not be reached on Tuesday for comment.
MCG did not indicate in its June 10 event notice on its website how many of its customers may have been affected. Sioux Falls Argus Leader said on Monday that information on approximately 700 patients outsiders gained access from Avera McKennan Hospital and University Medical Center.
CHI Health officials said MCG will notify affected patients by letter on behalf of the health system.
According to the report, MCG has hired a forensic investigation firm to assist and is also coordinating with the FBI.
Although the exact nature of the event is not specified, data breaches and cyberattacks targeting healthcare systems have increased over the past few years. The US Department of Health and Human Services counted 618 hacks and attacks affecting at least 500 people in 2021.
In 2020, an investigation revealed that an unauthorized party gained access to the shared network of Nebraska Medicine and UNMC. The party deployed malware or malware and acquired copies of some of the patient and employee information stored on the systems. While thousands of people’s data may have been involved, the investigation found no evidence that people’s personal information was used to commit fraud or identity theft as a result of the incident.
MCG is offering two years of free identity protection and credit monitoring services to affected CHI Health patients. The company has also set up a call center to answer questions related to the event. The call center is available at 866-475-7221 Monday through Friday from 8:00 am to 6:00 pm and Saturday and Sunday from 10:00 am to 3:00 pm. More information can be found on the MCG website. Web site, mcg.com. Look for “Patient and Participant Data Notice”.
CHI Health officials urged patients to review their account statements and keep an eye out for free credit reports. Under federal law, Americans are entitled to one free credit report per year from each of the three nationwide consumer information agencies. To order a report visit annual credit report.com or call toll-free 877-322-8228.