Experian Health Breach Impacted Cook County Health and Hospitals System Patients


Patients of Cook County Health and Hospitals System received notification of a breach of their protected health information. Two hospitals and about a dozen community health centers in Cook County Illinois are potentially affected.

The Experian Health, Cook County Health and Hospital System’s business associate, was responsible for the breach. As an entity contracted to assess patient insurance eligibility Experian Health get access to limited patient information. It was during a computer system upgrade in March 2017 that the protected health information (PHI) of 727 patients was sent to other healthcare systems by mistake. Fortunately, the types of information disclosed are of no use for cybercriminals to commit identity theft.

The PHI disclosed is limited to the patient’s names, dates of birth, account numbers and medical record numbers. Moreover, the PHI was sent to healthcare organizations covered by HIPAA Rules. Hence, it is deemed that the potential risk to patients is low. In fact, until now there are no reports of unauthorized use of the exposed PHI.

When the breach was discovered, Experian Health took the necessary steps to secure the disclosed information and implemented safety precautions as well to avoid the occurrence of similar incidents. Cook County Health and Hospitals System reviewed the entire incident and found Experian Health’s actions to be quite satisfactory.

Cook County Health and Hospitals System found out about the breach on August 1, 2017. The management posted a breach notice on the health system’s website on October 2, 2017 and sent breach notifications by mail to all affected patients. A breach report was also submitted to the Department of Health and Human Services’ Office for Civil Rights in compliance with HIPAA Rules.