Social security numbers from 1.1 million patients leaked in 2020 Indiana University hospital breach
Social security numbers from 1.1 million patients leaked in 2020 Indiana University hospital breach

Social security numbers from 1.1 million patients leaked in 2020 Indiana University hospital breach

The sensitive information about 1.1 million patients served by Indiana University Health Hospital was leaked in a data breach that occurred in 2020, according to announcement letters issued by a provider of the hospital.

Files to the Maine Attorney General’s Office say the breach came from MCG Health and involved names, CPR numbers, medical codes, mailing addresses, phone numbers, email addresses, dates of birth and gender.

MCG Health – based in Seattle – is part of Hearst Health and says it provides healthcare facilities with artificial intelligence, technological solutions and “objective clinical expertise” designed to enhance “economic and clinical outcomes.”

The company began sending out thousands of breach notices on June 10, after discovering it was being hacked on March 25.

In the letters sent to the victims, MCG Health said it hired a “forensic investigation firm” to help with the response and “coordinate with the FBI.”

The letters to the victims omit the fact that the investigation revealed that the hack actually took place “on or around February 25-26, 2020.”

“Because there is uncertainty as to the date the breach occurred, however, MCG has filled in the required field above regarding the breach date with the date MCG discovered the breach,” the company said in its records to the Maine Attorney General’s office.

A spokeswoman for Indiana University Health addressed all inquiries about the breach to MCG Health, which did not respond to requests for comment about the time between when they discovered the breach and when they notified the victims.

MCG Health said it will offer victims two years of free identity protection and credit monitoring services through Experian.

The Herald-Times in Bloomington, Indiana reported that patients in at least nine different states were affected by the fracture.

At least one person with information involved in the breach, Cynthia Strecker, has brought an action against MCG Health over their handling of the incident.

Jonathan has worked all over the globe as a journalist since 2014. Before moving back to New York City, he worked for news media in South Africa, Jordan and Cambodia. He has previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published.