25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

655,000 DuPage Medical Group Patients Notified About PHI Breach

Posted By on Sep 1, 2021

DuPage Medical Group, the largest independent physician group in the state of Illinois, has started notifying 655,384 patients about a security breach in which their personal and protected health information may have been compromised.

DuPage Medical Group identified suspicious activity in its computer network on July 13, 2021 and engaged cyber forensic specialists to conduct an investigation to determine the full nature and scope of the breach. They determined unauthorized actors had gained access to its IT systems on July 12 and access remained possible until the breach was detected on July 13 and its network was secured.

A comprehensive review was conducted of all files on the systems that were accessible to the hackers and, on August 17, 2021, DuPage Medical Group confirmed that files containing patient information had potentially been impacted.

The types of information potentially compromised in the security breach varied from patient to patient and may have included the following data elements: Names, address­es, dates of birth, diag­no­sis codes, Cur­rent Pro­ce­dur­al Ter­mi­nol­o­gy (CPT) codes, and treat­ment dates. The Social Security numbers of a small subset of patients were affected, but no financial information was exposed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

DuPage Medical Group said the forensic investigation uncovered no evidence to suggest any information stored on the affected systems has been sub­ject to actu­al or attempt­ed mis­use as a result of the security inci­dent; however, as a precaution against identity theft and fraud, complimentary credit monitoring and identity theft protection services are being offered to all individuals affected by the breach.

The exact nature of the cyberattack was not disclosed so it is unclear if the attackers attempted to deploy ransomware. DuPage Med­ical Group said the security breach “caused a disruption to network systems” and resulted in a “network outage.”

DuPage Medical Group said it has reviewed its existing security measures and has already implemented additional cybersecurity protections to reduce the risk of further cyberattacks, and will “improve every aspect of our tech­nol­o­gy roadmap to bet­ter serve patients.”

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist