Illinois Bone & Joint Institute Hacking Incident Affects 568,000 Patients
A data breach has been reported by the Illinois Bone & Joint Institute that affects more than 182,000 individuals. A network security incident has been reported by Access Sports Medicine & Orthopedics in New Hampshire that affects 88,044 individuals.
Illinois Bone & Joint Institute
The Illinois Bone & Joint Institute (IJBI), which operates over 100 clinics in the Chicagoland area, announced it detected unauthorized access to certain computer systems on July 4, 2024. Hackers first gained access to its network on May 30, 2024, and were ejected on July 4, 2024. IJBI said its facilities remained open throughout and care continued to be provided to patients.
The forensic investigation confirmed that files were copied from its network, which included the information of patients and dependents of those individuals, including names, addresses, dates of birth, Social Security numbers, diagnosis and treatment information, and health insurance/claims information.
No evidence has been found to indicate any misuse of the stolen data. Complimentary credit monitoring services have been offered to individuals whose Social Security numbers were involved. The breach was recently reported to the HHS’ Office for Civil Rights as affecting 182,670 individuals. IJBI said it has taken several steps to prevent similar incidents in the future, including enhancing its technical security controls.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Update: The HHS’ Office for Civil Rights was provided with an updated total after the initial data breach report, indicating that the protected health information of up to 665,321 individuals was breached in the incident.
Access Sports Medicine & Orthopedics
Access Sports Medicine & Orthopedics (Access Sports) has recently notified the Maine Attorney General about a security incident that involved the information of 88,044 individuals, including 5,370 Maine residents. The security breach was detected on May 10, 2024, when suspicious activity was observed in its network environment. Assisted by third-party cybersecurity experts, Access Sports determined that an unauthorized actor accessed certain files and data on its network.
The file review determined on July 3, 2024, that those files included patients’ protected health information, including names, Social Security numbers, dates of birth, financial information, medical information, and health insurance information. Additional monitoring tools have been deployed and Access Sports will continue to enhance the security of its systems. The affected individuals have been notified and offered complimentary Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services.
