Peoria, Ill.-based OSF HealthCare began notifying patients Oct. 1 that their protected health information was exposed for more than six weeks during an attack on its IT systems earlier this year.
OSF HealthCare experienced a computer systems outage from April 23-25, which sent the health system into downtime procedures and protocols for two days, the Journal Star reported.
In an Oct. 1 notice on its website, OSF HealthCare said the outage was the result of a data security incident. After investigating the incident, the health system discovered that an unauthorized party gained access to its systems from March 7 to April 23. As a result, the hacker was able to access certain files belonging to some patients at OSF Little Company of Mary and OSF Saint Paul.
Patient information exposed by the incident included names, birthdates, Social Security numbers, treatment details, prescription details and health insurance details. Financial information belonging to a "smaller subset of patients" also was exposed, according to the notice.
The health system is offering free credit and identity monitoring services to patients whose Social Security numbers or driver's license numbers were exposed. OSF HealthCare also said it has implemented new safeguards and technical security measures to protect its systems.
OSF HealthCare comprises 14 hospitals and numerous facilities across Illinois and Michigan. During the April outage, all hospitals and facilities remained open and accepted new patients.