DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cook County Health & Hospitals System notifies hundreds of patients that email with PHI was sent without encryption

Posted on September 22, 2014 by Dissent

On September 17, Cook County Health & Hospitals System posted a breach notification on their site:

As part of a collaborative public health project, an individual working on behalf of CCHHS sent an e-mail to an authorized individual at a non-Cook County healthcare organization in July 2014.

The transmitted information contained protected health information that was not encrypted. Encryption is a process that converts the information into a format that cannot be easily understood by unauthorized people. This was identified immediately after the e-mail was sent. The receiving organization deleted the e-mail without reviewing the contents. There has been no indication of unauthorized use of the information and CCHHS officials have notified affected individuals.

The information contained patient names, date of birth, race, ethnicity, gender, zip code, medical record number, date of service, place of service, type of lab test performed and lab test results. The information DID NOT contain patient addresses or social security numbers.

CCHHS provides ongoing training to its workforce on issues surrounding patient privacy. In response to this incident, CCHHS initiated corrective actions to make every effort to ensure this does not happen again and has followed its policies and procedures with regard to violations of patient privacy.

Patients who have questions or would like additional information should call toll-free 1-877-476-1873 (8 a.m. to 5 p.m. Monday through Friday), e-mail the Cook County Health & Hospitals System Compliance Program at [email protected] <mailto:[email protected]> or send a letter to Cathy Bodnar, Chief Compliance and Privacy Officer, Cook County Health & Hospitals System, 1900 West Polk, Suite 123, Chicago, IL 60612.

This incident was reported to HHS as affecting 767 patients. Significantly, perhaps, considering that lab tests and results were included in the email, CCHHS listed South Suburban HIV/AIDS Regional Clinics as the business associate involved. SSHARC did not respond to an email inquiry sent earlier today via their website for a statement.

Category: Uncategorized

Post navigation

← Kansas State U. discloses possible leak of student personal information
CFPB Must Improve Financial Data Security: GAO →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.