DOWNERS GROVE, Ill. — DuPage Medical Group announced Monday that it identified and addressed a data security incident, and is now notifying patients whose information may have been involved.
On July 13, DMG experienced a security incident that caused a disruption to its network systems, the company said. DMG immediately began working with third-party cyber-forensic specialists to assist in the investigation to determine the full nature and scope of the incident.
Through the investigation, it was determined that the network outage was caused by unauthorized actors who gained access to the DMG network, between July 12 and 13. With the assistance of the forensic specialists, DMG conducted a thorough review of its systems to understand whether any patient information may have been impacted as a result of this event, DuPage Medical said.
On Aug. 17, the company determined that certain files containing patient information may have been impacted.
DMG is in the process of mailing letters to individuals whose information may be involved in this incident. The personal information potentially affected by this included names, addresses, dates of birth, treatment dates and more.
RELATED: T-Mobile says data breach affects more than 40 million people
For a small subset of individuals, social security numbers may also have been affected, DuPage Medical said.
To date, DMG has no evidence that any information has been subject to actual or attempted misuse as a result of this incident. This event did not impact financial account numbers.
While the investigation determined that only certain portions of the network were impacted, DuPage Medical Group conducted a thorough investigation and could not rule out the possibility that files containing patients’ information may have been affected.
“We take this incident seriously, and as an added precaution, DMG is offering credit monitoring and identify theft protection at no cost for those individuals affected and potentially affected by this incident,” the company said.
The company has implemented additional cybersecurity measures, and, as part of DMG’s ongoing commitment to the security of information, is reviewing existing security policies to further protect against future incidents.
Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state attorney general.
Copyright © 2021 by The Associated Press. All Rights Reserved.