More than 1,200 patients of Chicago-based Midwest Orthopaedics at Rush (MOR) may have had personal information compromised after an unknown individual gained unauthorized access to a doctor's personal email account, which contained the data.
How many victims? 1,256.
What type of personal information? Names, dates of birth, surgical descriptions or codes, surgical dates, and special surgical instructions.
What happened? A MOR doctor's personal email account, which contained the patient data, was accessed by an unauthorized individual.
What was the response? MOR conducted an investigation. MOR is reviewing and updating privacy policies – including eliminating the use of personal email addresses for work purposes – and is conducting annual training for employees. All impacted individuals are being notified.
Details: Access was gained to the MOR doctor's email account on or around Feb. 10.
Quote: “To date, MOR has not received any reports that the Protected Health Information has been accessed or misused,” according to a notification on the MOR website.
Source: rushortho.com, “Midwest Orthopaedics at Rush Notifies Patients of Privacy Incident,” April 4, 2014.