Hackers Hit OSF Little Company of Mary Medical Center

EVERGREEN PARK, IL – OSF HealthCare is quietly notifying patients whose personal information may have been compromised in a security breach. The affected hospitals include OSF Little Company of Mary Medical Center in Evergreen Park, and OSF Saint Paul Medical Center in Mendota, Minn.

The Peoria-based OSF HealthCare, which operates 15 hospitals throughout the Midwest, said in a written statement that it had identified and addressed a data security incident that disrupted some of its IT systems. The incident was identified on April 23, and OSF immediately began locking down its systems. OSF also hired a third-party forensic investigator to launch an investigation, and notified law enforcement.

The investigation determined that an unauthorized party gained access to the OSF systems from March 7 to April 23. Letters to patients at both hospitals were sent earlier this month. OSF did not say how many patients’ were affected by the data breach.

A review of the files from Aug. 24 determined that they may have contained patient names and contact information, including: dates of birth; Social Security numbers; driver’s license numbers, state ID or government identification numbers; treatment and diagnosis information and codes; physician names, dates of service, hospital units, prescription information and medical record numbers; and Medicare, Medicaid or other health insurance information. A few patients’ financial account information, credit or debit card information or credentials for an online account were also involved in the data breach.

OSF recommends patients whose health information may have been compromised to review the statements from their health care providers, and contact them immediately if they see services they did not receive.

In addition, for eligible patients whose Social Security numbers or driver’s license numbers may have been compromised in the data breach, OSF is offering complimentary credit monitoring and identity protection services through Experian.

“OSF takes this incident very seriously and sincerely regrets any concern this may cause,” the health care network said. “To help prevent something like this from happening again, OSF has implemented additional safeguards and technical security measures to further protect and monitor its systems.”

A dedicated call center has been established to answer questions about the data breach, which can be reached at 855-551-1669, Monday through Friday, between 8 a.m. and 5:30 p.m. Central Time.