The personal data of about 2,000 Lurie Children’s Surgical Foundation patients was leaked earlier this year following a security breach in the foundation’s billing software.
Patients affected by the breach saw their Social Security numbers leaked to a still-unknown party, along with their names, dates of birth and addresses. The breach took place between March 29 and April 14 of this year, and affected patients found out on April 28, according to a Tuesday news release from Lurie Children’s Hospital.
Lurie Children’s Surgical Foundation is a nonprofit associated with Lurie Children’s Hospital. The group raises money for secondary surgical procedures Lurie patients may need — including cardiac surgery, fetal surgery and transplant surgery — so that specialized care can be provided regardless of patients’ ability to pay.
NextGen Healthcare, the company contracted to run the foundation’s billing software, does not know who it was that accessed the confidential data, though a forensic investigation is underway.
NextGen does not believe that patients’ actual medical records were accessed in the breach, according to the news release. The company will work with credit monitoring company Experian to offer two years’ worth of free consulting services related to fraud and identity theft to the 1,997 impacted patients.
Lurie Children’s Hospital declined to comment further on the breach and its lasting effects.
