DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cook County Health & Hospitals System notifies hundreds of patients that email with PHI was sent without encryption

Posted on September 22, 2014 by Dissent

On September 17, Cook County Health & Hospitals System posted a breach notification on their site:

As part of a collaborative public health project, an individual working on behalf of CCHHS sent an e-mail to an authorized individual at a non-Cook County healthcare organization in July 2014.

The transmitted information contained protected health information that was not encrypted. Encryption is a process that converts the information into a format that cannot be easily understood by unauthorized people. This was identified immediately after the e-mail was sent. The receiving organization deleted the e-mail without reviewing the contents. There has been no indication of unauthorized use of the information and CCHHS officials have notified affected individuals.

The information contained patient names, date of birth, race, ethnicity, gender, zip code, medical record number, date of service, place of service, type of lab test performed and lab test results. The information DID NOT contain patient addresses or social security numbers.

CCHHS provides ongoing training to its workforce on issues surrounding patient privacy. In response to this incident, CCHHS initiated corrective actions to make every effort to ensure this does not happen again and has followed its policies and procedures with regard to violations of patient privacy.

Patients who have questions or would like additional information should call toll-free 1-877-476-1873 (8 a.m. to 5 p.m. Monday through Friday), e-mail the Cook County Health & Hospitals System Compliance Program at [email protected] <mailto:[email protected]> or send a letter to Cathy Bodnar, Chief Compliance and Privacy Officer, Cook County Health & Hospitals System, 1900 West Polk, Suite 123, Chicago, IL 60612.

This incident was reported to HHS as affecting 767 patients. Significantly, perhaps, considering that lab tests and results were included in the email, CCHHS listed South Suburban HIV/AIDS Regional Clinics as the business associate involved. SSHARC did not respond to an email inquiry sent earlier today via their website for a statement.

Category: Uncategorized

Post navigation

← Kansas State U. discloses possible leak of student personal information
CFPB Must Improve Financial Data Security: GAO →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Credit Control Corporation data allegedly from 9.1 million consumers listed for sale on forum
  • Copilot AI Bug Could Leak Sensitive Data via Email Prompts
  • FTC Provides Guidance on Updated Safeguards Rule
  • Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
  • Hackers Break Into Car Sharing App, 8.4 Million Users Affected
  • Cyberattack pushes German napkin company into insolvency
  • WMATA Train Operators Arrested in Health Care Fraud Scheme
  • Washington Post investigating cyberattack on journalists, WSJ reports
  • Resource: State Data Breach Notification Laws – June 2025
  • WestJet investigates cyberattack disrupting internal systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.