The federal government is investigating a security lapse that exposed the personal information of more than 700 patients at Cook County Health and Hospitals System this year.
The U.S. Department of Health and Human Services’ Office for Civil Rights has listed the data exposure among its current investigations.
The hospital system publicly acknowledged the incident in a news release in October, saying that it was notified by Experian Health in August that Experian mistakenly sent patient information to other health care facilities during a computer system upgrade in March.
That information included names, account numbers, medical record numbers and birthdays. Addresses, Social Security numbers and clinical information were not exposed in the incident, according to the hospital system.
Experian works with the hospital system to help it determine patients’ insurance eligibility.
So far, there’s been no indication that any patient information was misused, said Alexandra Normington, a spokeswoman for Cook County Health, in an email.
She said Cook County Health was “one of many health care organizations impacted by the Experian breach.”
Experian said in a statement provided by spokesman Michael Troncale on Monday that the incident was not a true data breach “but an isolated processing error.” Patient information was sent only to other health care organizations that must also comply with a federal law preventing them from disclosing personal patient data, according to Experian.
“As soon as this was discovered, Experian took immediate action to correct the error,” according to the statement.
Southern Illinois Healthcare also reported, in June, that personal information of more than 600 of its patients was potentially exposed as part of the Experian incident.