The largest independent group of physicians in Illinois is notifying hundreds of thousands of patients that their personal information may have been exposed.
DuPage Medical Group (DMG) said that patient data could have been compromised when its computer network was hacked last month.
On Monday, DMG announced that it would be mailing letters to 600,000 patients to warn them of the potential threat to their data's security.
Patient information that may have been accessed by the hackers includes names, addresses, dates of birth, diagnosis codes, information on medical procedures, and treatment dates. For some patients, there is a chance that their Social Security number may also have been compromised.
The cyber-attack, which took place on July 13, caused a network outage at DMG. Third-party cyber-forensic specialists hired to investigate the security incident determined that unauthorized actors had gained access to the DMG network between July 12, 2021, and July 13, 2021, and that it was they who had caused the outage.
In a statement published Monday, DMG said: "With the assistance of the forensic specialists, DMG conducted a thorough and time-consuming review of its systems to understand whether any patient information may have been impacted as a result of this event.
"On August 17, 2021, we determined that certain files stored within our environment that contained patient information may have been impacted by this incident."
The group said that the exposed data did not include any financial account numbers and that the investigation found no evidence of data misuse following the attack.
Since being targeted by hackers, DMG has implemented additional cybersecurity measures and says it is reviewing existing security policies "to further protect against future incidents and improve our technology roadmap to better serve patients."
DMG is offering free credit monitoring and identity theft protection to those individuals affected and potentially affected by this incident.
The group has also established a dedicated call center to field questions from concerned patients regarding the possible data breach.
Patients are advised to remain vigilant against fraud and identity theft and to review their account statements, credit reports, and explanation of benefits forms for suspicious activity.