25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Almost 80,000 Patients Affected by Cyberattack on Fertility Centers of Illinois

Posted By on Jan 6, 2022

Fertility Centers of Illinois (FCI) has recently notified 79,943 current and former patients that some of their protected health information may have been viewed or obtained by unauthorized individuals.

FCI identified suspicious network activity on February 1, 2021, and took prompt action to secure its systems. Independent forensic investigators were then engaged to determine the nature and scope of the security breach.

FCI had implemented security measures to keep patient data secure, and those measures ensured its electronic medical record system could not be accessed; however, the attackers were found to have accessed administrative files and folders. A review of those files confirmed on August 27, 2021, that they contained a range of PHI including names in combination with one or more of the following types of information:

Social Security numbers, passport numbers, financial account information, payment card information, diagnoses, treatment information, medical record numbers, billing/claims information, prescription information, Medicare/Medicaid identification information, health insurance group numbers, health insurance subscriber numbers, patient account numbers, encounter numbers, referring physicians, usernames and passwords with PINs or account login information.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Employee information was also potentially compromised including names, employer-assigned identification numbers, ill-health/retirement information, occupational health-related information, medical benefits and entitlements information, patkeys/reason for absence, and sickness certificates.

FCI said it had strict security measures in place to prevent unauthorized data access, but the attackers were able to bypass those controls. Steps have since been taken to further secure its systems, data, and equipment, including implementing enterprise-class identity verification software and providing additional training to the workforce on security practices.

All affected individuals have been notified by mail and have been offered complimentary credit monitoring and identity theft protection services for 12 months through Equifax.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist