Surgical information for more than 1,200 patients may have been compromised in February when an unknown person accessed a doctor’s Gmail account, a Chicago-area physicians’ group announced Friday.
Midwest Orthopedics at Rush said in a news release that names and dates of birth for 1,256 patients could have been accessed, along with descriptions, dates and instructions for their surgeries. All those patients were notified by letter this week, Midwest Orthopedics at Rush said, and the group has received no reports that the information has been misused.
The data breach, which was discovered around Feb. 10, did not expose patients’ financial information, the group said.
“We take this situation very seriously and apologize that this incident occurred,” Dennis Viellieu, the group’s CEO, said in the news release. “Maintaining the integrity of confidential patient information is of utmost importance to us.”
Since the breach, Midwest Orthopedics at Rush has “eliminated the use of outside physician e-mail accounts within our domain,” the release said. The group is also conducting annual training for employees on how to secure patients medical information.
Ann Pitcher, a spokeswoman for Midwest Orthopedics, said law enforcement had not been notified but the group had told the federal Department of Health and Human Services about the breach.
Midwest Orthopedics at Rush is a group of about 40 doctors who see patients in the city and suburbs. Though the unit is technically separate from Rush University Medical Center, its doctors hold academic appointments at the university. The group serves as team physicians for the Chicago Bulls and Chicago White Sox.
The incident at Midwest Orthopedics comes less than a year after information on 4 million patients was compromised when unencrypted computers were stolen from Advocate Medical Group’s Park Ridge office.