DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Franciscan Physician Network of Illinois and Specialty Physicians of Illinois notify patients of payment records lost or stolen from storage facility

Posted on December 13, 2017 by Dissent

Their press release:

December 12 – Franciscan Physician Network of Illinois (FPN Illinois) and  Specialty Physicians of Illinois, LLC (formerly known as Wellgroup Health Partners, LLC, “SPI”) are notifying patients of a privacy breach.

On November 21, 2017, it was confirmed that a limited number of boxes that contained 22,000 patient payment records could not be located in a shared record storage facility located in Chicago Heights, Illinois. The boxes contained records from 2010 and 2015-17.

After an earlier routine records request, records personnel searched for the requested materials and could not locate them which triggered a further inventory audit that discovered some of the boxes, but a total of 40 boxes of payment records could not be located.

While the continuing investigation has not revealed any evidence of foul play, officials have taken the added step of notifying law enforcement as a further precaution.

“We value patient privacy and deeply regret that this incident occurred,” said Craig Miller, SPI executive director. “We are conducting a thorough investigation to identify additional measures we can take to prevent similar incidents in the future,” he said. Claude Foreit , vice president of  Franciscan Physician Network, stated, “Steps have been taken to improve safeguards for payment records, including bolstering physical security, updating our tracking system for paper records, and retraining employees responsible for handling these records.”

The affected records only include information relating to payments that were made in person either in the office at the time of service or in person at an FPN Illinois or SPI facility. Of those stored transactions, it was determined that payment records such as patient receipts, credit card receipts, and back-office accounting reconciliations were included in the boxes. The information included patient name, address, payment date, payment amount, payment method, office location and the last four digits of patient credit card numbers. No full credit card number was compromised in the incident. For a small subset of individuals who paid with a check, the records may contain the patient’s routing number, bank account number and social security number.

The payment records from 2010 may have also included patient date of birth, account number assigned by the facility, insurance ID number, diagnosis, type of visit, procedure code, provider name and address, dates of service and description of services performed.

Impacted individuals have been notified by mail and will be offered two years of identity theft protection services at no cost. Patients affected will also be encouraged to monitor their financial accounts, credit history, and Explanation of Benefits statements as extra precautions.

A dedicated hotline, (833) 295-7812, has been established to take patient questions related to this incident.

 

Related posts:

  • Franciscan Health System notifies more than 12,000 patients after employees fall for phishing scheme (updated)
  • December was one of the busiest months for health data breach disclosures
  • Connexin Software notifies parents of 2.2 million pediatric patients of hack
  • Madison Square Garden Company Alerts Customers of Payment Card Data Breach
Category: Breach IncidentsHealth DataLost or MissingPaperTheftU.S.

Post navigation

← UK banks will be forced to publish security breach info and complaints
Mirai IoT Botnet Co-Authors Plead Guilty →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.