Chicago-based South Shore Hospital is a non-profit hospital with Magnet Hospital recognition. “We are committed to providing appropriate care to each individual patient, regardless of race, color, creed, and financial status,” says the South Shore website.
The breach resulted in unauthorized access to over 115,000 patient and employee records. The leaked data included addresses, full names, social security numbers, birth dates, health insurance information, financial information, diagnoses, medical information, Medicare/Medicaid information, and health insurance policy numbers.
The breach occurred when a bad actor accessed the hospital’s internal systems. “Upon discovery, SSH quickly activated its emergency operating protocols to continue providing safe patient- and family-centered care to those who need it,” stated the hospital. South Shore contacted law enforcement and employed a third-party investigative team to research the breach.
This breach occurred on Friday, December 10th, 2021.
The breach impacts some South Shore patients. The hospital was hit with a class action lawsuit sometime after the violation. “Vulnerable people, like those with substance-abuse issues and the elderly, can make for ideal targets for scams and extortion,” said the lawsuit (source ClassAction.org). “These are the people whose data SSH put at risk, and ultimately exposed, by using inadequate safeguards that allowed cybercriminals to bypass lax security measures to access patients’ and employees’ data.”
The breach affected 115,670 individuals. The victims are now at significantly higher risk for fraud, identity theft, assault, and scams.