The personal information of more than 500 people may have been compromised in a hacking incident at Loretto Hospital on the city’s West Side, according to the U.S. Department of Health and Human Services.
Loretto began investigating after it became aware of suspicious activity, according to a notice posted on the hospital’s website. The investigation found that an “unknown actor” had accessed the hospital’s system between Jan. 17 and Feb. 1, and copied files during that time.
“We are reviewing the files to determine the content and to whom it relates,” Loretto wrote in the notice.
The investigation also found that certain data put into the hospital’s electronic medical record between the evening of Feb. 2 and the afternoon of Feb. 3 was not saved.
“We worked diligently to restore and capture as much data and patient records as possible during this downtime, but some records may not have been recovered or fully recreated,” Loretto wrote in the notice.
Loretto said it is reviewing its files and will notify those who may have been affected at the end of its review.
“As part of our ongoing commitment to information security, we are currently reviewing our policies and procedures, as well as assessing new cybersecurity tools, to reduce the risk of a similar incident occurring in the future,” Loretto wrote in the notice.
Cyber breaches and attacks have become increasingly common at health care systems across the country. Hospital systems are often targeted because of their dependence on technology and the large amounts of sensitive information – such as social security numbers, credit card numbers and medical information – that they handle.
Last year, cyber criminals attacked Chicago’s Lurie Children’s Hospital, and it took more than a month for Lurie to get all of its systems back online after the attack. Last year, criminals also attacked Ascension, a large nationwide health system that had 14 hospitals in Illinois at the time.
Health systems must report breaches of protected health information involving 500 or more individuals to the U.S. Department of Health and Human Services’ Office for Civil Rights, which posts reports on a public website, nicknamed the Wall of Shame.
People with questions are encouraged to contact Loretto at cyber.incident@lorettohospital.org.
