cognitive cybersecurity intelligence

News and Analysis


Cook County Health and Hospitals System ends partnership with medical transcription service, alerts patients of a breach

Hello, chums! Let’s delve into an interesting tale that’s been brewing stateside in Cook County, Illinois. As always, though, let’s mind the gap and make sure our tea is securely within reach; data breaches are a wild ride.

This tale begins with the Cook County Health and Hospitals System, known to locals as CCH. They dropped a bit of a bombshell on September 24, notifying the relevant authorities of a data breach. At that point, it already looked rather grim, with around 500 patients’ data believed to be involved. You see, when an institution says “500,” it’s generally code for “We’ve got a colossal mess on our hands, and we’re not quite sure how big yet.” This number is a stipulation by the boys in suits, letting the world know they’ve become aware of a breach touching more than 500 people’s data within two months.

But of course, in such intriguing tales, there’s a twist; enter Perry Johnson & Associates, Inc., or PJ&A for short. Each word is a tad too long to say over a pint; we Brits know time is precious. PJ&A would do all the heavy lifting of medical transcription for CCH.

As the story unfolds, it begins to look more like an episode of ‘Midsomer Murders’ as, on July 21, 2023, PJ&A were the bearers of bad news. They informed CCH about a “data security incident” that had occurred while investigation their systems. Get this – some unauthorized trespasser had a bit of a nosy around the PJ&A’s digital filing cabinets which housed CCH’s patient information back in April of that year.

Naturally, after getting wind of the news, CCH didn’t stand for it, cutting ties quicker than you can say “crumpets.” However, it’s worth noting that PJ&A insist they’re not the sole victims; many other organizations have apparently been hit by the same unfortunate incident. But, you know what they say about rumours. To date, no one else has come forward, and PJ&A’s not said a peep about it on their website either.

Things finally came to a head on October 9, 2023, when PJ&A handed CCH a rather hefty list of patients affected – names, dates of birth, addresses, medical record numbers, encounter numbers, medical information, and even the occasional social security number. It certainly chills the beer – or in our case, cools the tea – to see just how much is at stake!

CCH reassures everyone they’re methodically checking the list twice to understand who’s been affected, with promises to contact impacted individuals directly.

So, at least they’ve got that going for them. But it’s another stark reminder about the importance of cybersecurity in our seemingly everconnected world, especially where sensitive patient data is involved. We wouldn’t want some blighter rummaging through our personal details now, would we?

by Parker Bytes

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts

Connecting Tech to Black America

Tech evangelist David Lee spotlights the underrepresentation of Black Americans in tech, an issue he contends requires collective action to rectify. He suggests fostering connections

Zero-Day Attack Hits Cybersecurity Leader

The MITRE Corporation, a contributor to public interest cybersecurity, disclosed a data breach originating from a state-backed hack. Detected after suspicous activity was noticed on

Defining and Understanding Trust Assurance

Trust is essential for businesses and building it requires embracing the pillars of trust assurance: predictive, integrated, and transparent systems. Through trust assurance, businesses can