It has recently been revealed by Illinois Gastroenterology Group that a number of unauthorized individuals were able to obtained access to its group databases to the extent that they may have been in a position to view and downloads sensitive private patient data.
The illegal data breach was initially discovered when the group IT team noticed suspicious activity taking place within its computer network on October 22, 2021,
A team of external cybersecurity experts was contracted to review the cyber attack and estimate the extent of the damage that may have been inflicted during the incident. On November 18, 2021, Illinois Gastroenterology became aware that some sections of the databases had been logged on to by unauthorized actors. These database sections were holding private patient information such as names, addresses, dates of birth, Social Security data, driver’s license details, specific passport numbers, financial account details, payment card information, employer-assigned identification credentials, medical histories, and biometric information.
Illinois Gastroenterology said that it was not in a position to completely eliminate the unauthorized viewing or illegal removal of files holding patient data. However at the time of sending official notification letters, the group had not become aware of anything to indicate that there had been any fraudulent or improper illegal use of the impacted information. The review of the impacted files was concluded on March 22, 2022, and notification letters have now been shared with all impacted people.
The group, in it response to the cyberattack. completed an overall review of policies and processes linked to network security. Additionally, the configuration of an enhanced managed Security Operations Center was speeded up, and multi-factor authentication was put in place. While the security breach was not found to have included any ransomware element, Illinois Gastroenterology said a new endpoint detection and response platform has been enabled that has policies to deal specifically with ransomware.
The data breach has recently been made known to to the HHS’ Office for Civil Rights. The report states that it may have impacted to 227,943 individuals.