DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Franciscan Physician Network of Illinois and Specialty Physicians of Illinois notify patients of payment records lost or stolen from storage facility

Posted on December 13, 2017 by Dissent

Their press release:

December 12 – Franciscan Physician Network of Illinois (FPN Illinois) and  Specialty Physicians of Illinois, LLC (formerly known as Wellgroup Health Partners, LLC, “SPI”) are notifying patients of a privacy breach.

On November 21, 2017, it was confirmed that a limited number of boxes that contained 22,000 patient payment records could not be located in a shared record storage facility located in Chicago Heights, Illinois. The boxes contained records from 2010 and 2015-17.

After an earlier routine records request, records personnel searched for the requested materials and could not locate them which triggered a further inventory audit that discovered some of the boxes, but a total of 40 boxes of payment records could not be located.

While the continuing investigation has not revealed any evidence of foul play, officials have taken the added step of notifying law enforcement as a further precaution.

“We value patient privacy and deeply regret that this incident occurred,” said Craig Miller, SPI executive director. “We are conducting a thorough investigation to identify additional measures we can take to prevent similar incidents in the future,” he said. Claude Foreit , vice president of  Franciscan Physician Network, stated, “Steps have been taken to improve safeguards for payment records, including bolstering physical security, updating our tracking system for paper records, and retraining employees responsible for handling these records.”

The affected records only include information relating to payments that were made in person either in the office at the time of service or in person at an FPN Illinois or SPI facility. Of those stored transactions, it was determined that payment records such as patient receipts, credit card receipts, and back-office accounting reconciliations were included in the boxes. The information included patient name, address, payment date, payment amount, payment method, office location and the last four digits of patient credit card numbers. No full credit card number was compromised in the incident. For a small subset of individuals who paid with a check, the records may contain the patient’s routing number, bank account number and social security number.

The payment records from 2010 may have also included patient date of birth, account number assigned by the facility, insurance ID number, diagnosis, type of visit, procedure code, provider name and address, dates of service and description of services performed.

Impacted individuals have been notified by mail and will be offered two years of identity theft protection services at no cost. Patients affected will also be encouraged to monitor their financial accounts, credit history, and Explanation of Benefits statements as extra precautions.

A dedicated hotline, (833) 295-7812, has been established to take patient questions related to this incident.

 

Category: Breach IncidentsHealth DataLost or MissingPaperTheftU.S.

Post navigation

← UK banks will be forced to publish security breach info and complaints
Mirai IoT Botnet Co-Authors Plead Guilty →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.