Experian Health is being blamed for a data security incident that exposed the confidential information of more than 700 patients at a Chicago hospital—just weeks after another of the country’s three major credit bureaus experienced one of the largest data breaches in U.S. history.
The U.S. Department of Health & Human Services’ Office for Civil Rights says it is currently investigating the unauthorized disclosure via a network server of unsecured protected health information that affected 727 individuals at Cook County Health and Hospitals System. The HHS OCR is tasked with protecting the privacy and security of health information.
A hospital spokeswoman, however, said in a phone interview that the health system’s network server was not breached. Rather, according to a press release that the hospital issued last month, it was notified on Aug. 1 by Experian that the credit reporting agency inadvertently sent patient information to other health care facilities during a computer system upgrade last March. As required by federal law, the hospital late last month reported this information to HHS. Cook County Health works with Experian to help the hospital determine patients’ insurance eligibility.
Experian released patient names, account numbers, medical records numbers and dates of birth, according to the press release. Addresses, Social Security numbers and clinical information were not affected, it added. The hospital says it has not been notified of any unauthorized use of the information.
An Experian spokesman characterized the incident not as a data breach but as “an isolated processing error which involved the delivery of limited patient identifying information to various healthcare organizations.”
“The information was only delivered to Experian clients that are covered by the Health Insurance Portability and Accountability Act (HIPAA),” the company said in an e-mailed statement. “As soon as this was discovered, Experian took immediate action to correct the error.”
In September, credit reporting giant Equifax Inc. announced that it had experienced a catastrophic data breach earlier this year that potentially compromised the personal information of nearly half the U.S. adult population and caused $87.5 million of expenses.
DLA Piper, a firm that was itself the victim of a hack this year, is helping steer Equifax through the data breach scandal. Susan Estrich of Quinn Emanuel Urquhart & Sullivan represents its CEO in his personal capacity.