On April 23, 2021, OSF HealthCare notified 53,907 of its patients about a cyberattack. After the attack was discovered, steps were taken to prevent unauthorized access and to determine the extent of the breach. On August 24, 2021, it was found that a large amount of sensitive customer data was compromised. It was also confirmed that the first system attack took place from March 7, 2021, to April 23, 2021.
The following patient data was compromised:
- Contact Information
- Dates Of Birth
- Social Security Numbers
- Driver’s Licence Numbers
- State/Government Numbers
- Treatment Information
- Diagnosis Information and Codes
- Physician’s Names
- Dates of Service
- Hospital Units
- Prescription Information
- Medical Record Numbers
- Medicare/Medicaid or Other Health Insurance Information
It was also discovered that a subset of patient financial account information, credit/debit card information or credentials for an online financial account had been exposed.
“The substitute breach notice on the OSF HealthCare website makes no mention of the nature of the attack, but this appears to have been a ransomware attack involving data theft, with data potentially stolen 7 months ago” (HIPAA, 2021).
This case is an excellent reminder to have a certified ITAD provider on your side to prevent the exposure of sensitive data. It is also important to adhere to laws such as HIPAA and to hold compliance-related certifications to keep both your business's and your clients' data protected.
Lifespan places compliance as a pivotal priority in all lines of our business to ensure 100% protection and security. Lifespan is fully HIPAA compliant and guarantees your ITAD program follows a flow that supports critical compliance. We pride ourselves on adhering to OSHA laws and regulations and obtaining certifications in ISO 9001, 14001 and 45001, NAID AAA and R2.
To learn more about this topic, read this HIPAA Journal article.