An unknown third-party gained unauthorized access to the personal data of nearly 2,000 Lurie Children’s Surgical Foundation patients earlier this year, according to a Tuesday news release from Lurie Children’s Hospital.
The data leak was a result of a security breach at NextGen, a third-party company that provides electronic health billing software for the medical group.
The electronically stored patient data involved in the breach includes names, dates of birth, addresses and social security numbers that an unauthorized third-party gained access to between March 29 and April 14.
A spokesperson for Lurie Children’s Hospital said in a statement that this was a third-party security breach and the hospital’s systems “weren’t impacted at all.”
NextGen notified affected individuals on April 28, and offered two years of free identity monitoring, fraud consultation and identity theft restoration services through the company Experian, according to the news release.
The company said there is no evidence of access or impact to the health or medical records of the 1,997 patients impacted by the breach, according to the release.
NextGen was alerted to unusual login and account activity involving their NextGen Office system on March 30 and April 14, the hospital release said. The hospital said the company launched an investigation, “further reinforced the security of its systems” and contacted law enforcement.
Lurie Children’s Hospital is one of the largest pediatric providers in the Chicago area. Lurie Children’s Surgical Foundation, whose patients were impacted by the data breach, is a medical group, or bill type, associated with the hospital.
The hospital says that individuals seeking additional information can reach out to Privacy Office at [email protected] or 312-227-4679.