Social Security numbers from 1.1 million patients leaked in 2020 Indiana University hospital breach

The sensitive information of 1.1 million patients served by Indiana University Health hospital was leaked in a data breach that took place in 2020, according to notification letters sent out by a vendor of the hospital. 

Filings with the Maine Attorney General’s office say the breach came from MCG Health and involved names, Social Security numbers, medical codes, postal addresses, telephone numbers, email addresses, dates of birth and genders. 

MCG Health – based in Seattle – is part of Hearst Health and says it provides healthcare facilities with artificial intelligence, technology solutions and “objective clinical expertise” designed to improve “financial and clinical outcomes.”

The company began sending out thousands of breach notification letters on June 10 after it discovered it was hacked on March 25. 

In the letters sent to victims, MCG Health said it hired a “forensic investigation firm” to help with the response and is “coordinating with the FBI.” 

The letters to victims omit the fact that the investigation revealed the hack may have actually taken place “on or around February 25-26, 2020.”

“Because there is uncertainty regarding the date the breach occurred, however, MCG has populated the mandatory field above regarding the breach date with the date MCG discovered the breach,” the company said in its filings with the Maine Attorney General’s office. 

An Indiana University Health spokesperson directed all inquiries about the breach to MCG Health, which did not respond to requests for comment about the gap of time between when they discovered the breach and

Read more

Explore the site

More from the blog

Latest News