Regulators to investigate Advocate data breach

Source: Chicago TribuneAug.存倉 28--Federal regulators and the Illinois Attorney General's office confirmed this week they will investigate Advocate Medical Group's data breach, the second-largest loss of unsecured protected health information that has been reported to the Department of Health and Human Services since mandatory reporting began in September 2009.The Advocate breach, which the health care nonprofit revealed on Friday, affects more than 4 million patients seen by Advocate doctors from the early 1990s through July.Patients began receiving notification letters on Saturday, informing them of the July 15 theft of four unencrypted desktop computers in a Park Ridge administrative office.Advocate said the data includes names, addresses, dates of birth and social security numbers. Some medical data also is at risk, including diagnoses, medical record numbers, medical service codes and health insurance information.Rachel Seeger, a spokeswoman for the Health and Human Services Department, said the agency "takes these investigations very seriously, and since 2009, we have had a track record of taking a number of very high-profile actions that have sent clear messages to the industry that we expect full compliance with (data) privacy and security rules."The agency, which investigates every data breach that involves more than 500 people, has collected more than $18.4 million in fines in 16 major cases. Fines are most often levied to health care providers and other entities that handle patient data in cases wh迷你倉re so-called protected health data is exposed.In the Advocate case, several categories of data reported as at risk appear to qualify.Seeger declined to address the Advocate breach in detail, citing an "active law enforcement investigation."Maura Possley, a spokeswoman for the Illinois Attorney General's Office, said Wednesday that investigators began working the case after Advocate notified the state of the breach on Aug. 22. She declined to provide further details of the investigation.Kelly Jo Golson, an Advocate senior vice president, acknowledged Wednesday that the sensitive data should not have been stored on the computers' hard drives."This type of data should always be maintained on our secure network," she said.Advocate is working with several outside experts and consultants to address the issue. Its efforts include mapping all of its computer and software systems to identify where patient information is stored and ensure it is secured, Golson said."We understand why patients are anxious and concerned," she said. "We deeply regret the inconvenience this incident has caused the patients who have entrusted us with their care."A call center set up to handle patient inquiries is handling about 2,000 calls a day, Golson said. In response to the high volume, Advocate has increased its call center staffing by about 30 percent.pfrost@tribune.com -- Twitter: @peterfrostCopyright: ___ (c)2013 the Chicago Tribune Visit the Chicago Tribune at .chicagotribune.com Distributed by MCT Information Services自存倉