HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hackers Gained Access to Files Containing the PHI of 115,670 South Shore Hospital Patients

Chicago’s South Shore Hospital has started notifying 115,670 current and former patients about a December 2021 cyberattack on its network. Suspicious activity was identified on its network on December 10, 2021, and prompt action was taken to contain the incident. Emergency protocols were implemented to ensure care could continue to be safely provided to patients.

South Shore Hospital engaged a team of third-party computer forensics experts to investigate the security breach and determine whether patient information was accessed or stolen. The investigation confirmed the attackers gained access to parts of its network where files were stored that contained the protected health information of patients and employee data, including names, addresses, dates of birth, Social Security numbers, health insurance information, medical information, diagnoses, health insurance policy numbers, Medicare/Medicaid information, and financial information.

South Shore Hospital said it will be implementing additional security measures to better protect its network against cyberattacks, including stronger password policies, multifactor authentication, and additional anti-malware and anti-phishing tools. Further training on data privacy and security will also be provided to the workforce.

South Shore Hospital has provided affected individuals with information on how they can protect themselves against the misuse of their information, which includes signing up for a 12-month complimentary membership to IDX’s credit and CyberScan monitoring service. Affected individuals will also be protected with a $1 million identity theft reimbursement insurance policy and will have access to identity theft recovery services if they are needed.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Spencer Gifts Health and Welfare Benefit Plan Reports Hacking Incident

Spencer Gifts has discovered unauthorized individuals gained access to its network between November 24, 2021, and November 26, 2021, and potentially viewed or obtained files containing the protected health information of 10,023 members of its health and welfare benefits plan.

The attack was detected on November 25, 2021, and its network was secured the following day. The investigation confirmed names, Social Security numbers, and plan selection information had been exposed. Notification letters started to be sent to all affected individuals on January 24, 2022, and complimentary identity theft monitoring services have been offered to affected individuals. Spencer Gifts said it is reviewing its security policies and procedures and further electronic security features will be implemented.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.