Breach after patient data pops up online: A debt collection agency that contracted with University of Chicago Physicians Group is notifying nearly 1,400 patients that their protected health information, insurance data and Social Security numbers have been compromised after being accessible to viewers on the Internet.
ICS Collection Service Inc. on July 9 received a report that a website user could view sensitive information relating to other debtors while on its website. Information accessible to viewers included patient names; addresses; Social Security numbers; dates of birth; responsible party names and addresses; insurance payment and dates; insurance companies and policy numbers; procedures, diagnoses and in-depth descriptions; dates of service; and treating physician names relating to certain UCPG patients.
“When ICS received this report, we commenced an internal investigation. We also contacted our third-party website and software vendors, corrected the security setting and disabled access to the page on our website utilized by debtors to make payments and other account adjustments,” a company notice read.