Shaw Local

News   •   Sports   •   Obituaries   •   eNewspaper   •   The Scene
Illinois Valley

Data breach exposes sensitive patient information across multiple OSF facilities

Social Security numbers, medical information may have been accessed

OSF St. Clare in Princeton

OSF said a cybersecurity incident involving former vendor Cerner may have exposed some patient information but did not impact hospital operations. (Shaw Local News Network)

By Bill Freskos

OSF recently confirmed that their patients personal and medical information may have been exposed in a breach involving its former electronic health record software vendor, Cerner.

According to a notification letter sent to patients of OSF Saint Clare Medical Center in Princeton, Cerner informed the hospital in September that an unauthorized third party gained access to legacy Cerner systems as early as January this year and obtained certain data. The breach did not involve any systems managed or maintained by OSF Saint Clare.

While only Saint Clare patients were notified, OSF confirmed Cerner’s data breach involved multiple facilities and was not limited to just the hospital in Princeton. For security reasons, they were unable to provide any additional details regarding their systems or contractual relationships.

Cerner initiated its incident response process after discovering the breach, secured the affected systems, engaged external cybersecurity specialists and notified police. Cerner later told OSF that investigators asked for a delay in notifying patients and hospital customers, saying early notification could have interfered with the investigation. OSF said it is notifying patients as soon as it was permitted to do so.

In November, Cerner completed a data review and gave OSF a list of patients whose information may have been involved.

The information potentially accessed includes patient names, Social Security numbers and information contained in medical records, like medical record numbers, physicians, diagnoses, medications, test results, images and details related to care and treatment.

To help those patients, OSF and Cerner are offering two years of complimentary credit monitoring and two years of identity restoration services.

OSF said it no longer uses Cerner’s services.

Paul Arco, media relations coordinator for OSF HealthCare’s Northern Region, said the incident on Cerner’s systems involved numerous healthcare facilities and was not limited to just OSF Saint Clare Medical Center and the complimentary identity monitoring services are being offered as a precaution.

OttawaPeruOSF HealthCareHealth CareMyWebTimesNewsTribunePrincetonBCRIllinois Valley Front Headlines

Bill Freskos

Bill Freskos is a multimedia journalist based in the Illinois Valley. He covers hard news, local government, sports, business enterprise, and politics while contributing to Shaw Local Radio stations for Shaw Media across La Salle, Bureau, and Putnam counties.