Illinois healthcare provider experiences security incident affecting 65,000 individuals

Mobile Anesthesiologists, an Illinois-based company offering healthcare services throughout the country, reported a breach in March affecting 65,403 individuals, according to the Office for Civil Rights (OCR) breach report.

In a security notice posted on its website, Mobile Anesthesiologists said it recently learned that sometime prior to December 14, a limited amount of the organization’s data may have been acquired by an unauthorized individual as the result of a technical error that allowed the data to be publicly accessible. The nature of the technical error was not provided.

Mobile Anesthesiologists worked with outside cybersecurity professionals to look into the incident. The investigation, which concluded on January 28, found that the accessible data included personal information and protected health information (PHI), including the following:

• Dates of birth
• Full names
• Health insurance information
• Medical procedure dates/names

In the security notice, Mobile Anesthesiologists said Social Security numbers and credit card information were not impacted by the incident. To date, the organization is not aware of any misuse of the information that was available.

Mobile Anesthesiologists provided written notification on March 10 to potentially affected individuals. The organization also noted that it has corrected the misconfiguration that allowed the accidental exposure of information.