Park Ridge police were notified of a burglary at an Advocate Medical Group building, 205 West Touhy Avenue that occurred on Monday, July 15, 2013. There is no word whether there was a burglary alarm in service at the address at the time of the burglary. There were security cameras in place at the address, but there is no word whether valuable images were obtained to capture the crime.
Park Ridge police were apparently notified after the burglary, so apparently no burglar alarm was activated, or there was no automatic notification of the police department. Administrators at Advocate Medical Group have upgraded their security to include 24/7 security personnel at the office at 205 West Touhy.
View Larger Map
Google street view at 205 West Touhy Avenue, Park Ridge, Illinois.
Advocate officials waited more than one month to contact patients after the security breach occurred. Administrators wanted to conduct an internal audit to determine what data the computers contained, and then pinpoint which patients may have been affected, and calculate how many patients were affect. Some employees at the were not aware of the burglary and theft of data until this past week.
The burglary and theft of data affected an estimated 4.03 million patients, which includes any patient who has visited a doctor in the Advocate Medical Group. The data stolen included names, addresses, dates of birth, Social Security numbers, which can be valuable to identity thieves. Clinical data was limited on the particular computers that were stolen. The Advocate Medical Group is a physician-led group that includes about 1,000 doctors at more than 200 locations in the Chicago area and central Illinois. Advocate Medical Group is part of Advocate Health Care, which is the largest health system in Illinois with 13 hospitals — including Advocate Lutheran General Hospital, Advocate Good Shephard Hospital, and Advocate Condell Medical Center.
Computers were password protected, but hard drives or other data storage was not encrypted. There is no word on what brand or type of computer were stolen.
The hospital group, Advocate Health Care has set up a call center for patients who believe they may be affected. A website, www.patientnotice.org, also went live Friday.
Advocate Medical Group is offering patients credit monitoring services, and will soon have instructions for enrollment, which will be provided in the letters sent to patients.
Officials from the Illinois attorney general’s office recommend consumers …
• Consider placing a fraud alert on your credit report, which lasts for 90 days. Only one major consumer reporting agency — TransUnion, Experian, or Equifax — needs to be contacted.
• Obtain one of three free yearly credit reports at annualcreditreport.com and monitor the reports throughout the year.
• Consider placing a freeze on your credit report by contacting each consumer reporting agency separately in writing. That process will disable access to your credit report by any new potential creditors unless you provide the PIN that the consumer reporting agency provides to you.
The attorney general’s office recommends consumers with questions contact the Illinois Attorney General’s identity theft hotline at 866-999-5630.
See also …
Identity Theft Hotline — http://illinoisattorneygeneral.gov/consumers/hotline.html
Advocate Hospital Group Hospitals
Advocate BroMenn Medical Center
Advocate Christ Medical Center
Advocate Condell Medical Center
Advocate Eureka Hospital
Advocate Good Samaritan Hospital
Advocate Good Shepherd Hospital
Advocate Illinois Masonic Medical Center
Advocate Lutheran General Hospital
Advocate Sherman Hospital
Advocate South Suburban Hospital
Advocate Trinity Hospital
Children’s Hospitals
Advocate Children’s Hospital – Oak Lawn
Advocate Children’s Hospital – Park Ridge
***
Notice on patientnotice.org on Saturday August, 24, 2013
Notice for Advocate Medical Group Patients Regarding Privacy Incident
Advocate Medical Group is committed to maintaining the privacy and confidentiality of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
On July 15, 2013, we learned that an Advocate administrative office in Park Ridge, Illinois was burglarized overnight. We discovered that four password-protected computers were stolen. We immediately notified the Park Ridge Police Department and began a thorough investigation to determine the information contained on the computers. Our investigation confirmed that the computers contained patient information used by Advocate for administrative purposes and may have included patient demographic information (for example, names, addresses, dates of birth, Social Security numbers) and limited clinical information (for example, treating physician and/or departments, diagnoses, medical record numbers, medical service codes, health insurance information). Patient medical records were not on the computers and patient care will not be affected.
We want to assure our patients that we are taking this matter very seriously. We continue to work with law enforcement, but to date, they have been unable to locate the computers. While we have no reason to believe that the computers were stolen for the information they contained, as a precaution, because the computers were unencrypted, we began sending letters to affected patients on August 23, 2013. We have also established a dedicated call center for patients to call with any questions. If you believe you are affected but have not received a letter by September 19, 2013, please call 1-877-218-1009 Monday through Friday between 8:00 a.m. and 6:00 p.m. Central Time and provide the following ten digit reference number 4081080613 when prompted.
We deeply regret that this incident has occurred. In order to prevent such an incident fromreoccurring, we have enhanced our security measures and are conducting a thorough review of our policies and procedures.
What Happened?
On July 15, one of our administrative offices in Park Ridge was burglarized. Thieves broke into the building and stole items including four computers.
After a thorough investigation, we’ve determined that the missing computers contained patient information.
Patient medical records were not on the computers.
Nothing leads us to believe this information has been used inappropriately.
We are notifying all potentially impacted patients because we want our patients to know this happened and, for peace of mind, we are offering them credit monitoring services.
How Could This Have Happened?
Unfortunately, we were burglarized.
Action We’ve Taken:
Security is a top priority in our organization. We are always looking for ways to improve. We have taken actions to reduce the possibility that this could happen again:
Added a physical security presence 24/7 at the location that was burglarized. We are also evaluating, on an ongoing basis, what other facilities may need similar protections.
We have reinforced our security protocols and encryption program with associates.
We have alerted every patient potentially impacted and offered additional credit monitoring protections.
Will my care be impacted?
No, this issue has no impact on patient care. Our top priority continues to be on delivering the highest quality care.
What resources are available to me?
Please refer to the toll free number in your letter or call 1-877-218-1009 and provide the following passcode 4081080613 to get your questions answered. The call center is available Monday through Friday from 8 a.m. to 6 p.m. CST. Enrollment instructions for credit monitoring services are provided in the letter you received. If you do not receive a letter by September 19 and you think you are affected by this please call 1-877-218-1009 and provide the following passcode 4081080613.