Incident Details
The Perry Johnson & Associates (PJ&A) data breach involving protected health information of over 13 million patients triggered a federal criminal investigation in 2023, impacting Cook County's public health system and millions nationwide.
Incident
How Did the Breach Happen?
Hackers accessed personal information like birth dates, Social Security numbers, and medical test results of patients by exploiting security vulnerabilities between March 27 and May 2.
What Data has been Compromised?
Personal information including birth dates, Social Security numbers, and medical test results of affected patients.
Why Did the company's Security Measures Fail?
Failures to exercise reasonable care in safeguarding information and delayed notification of the breach left patient data vulnerable to exploitation.
What Immediate Impact Did the Breach Have on the company?
PJ&A faced legal actions including multiple lawsuits and accusations of negligence in protecting patient data.
How could this have been prevented?
Regular security assessments, prompt notification of breaches, and robust data protection protocols are essential to preventing such incidents.
What have we learned from this data breach?
The importance of proactive data security measures, timely breach disclosure, and the potential legal consequences of mishandling sensitive information.
Summary of Coverage
The PJ&A data breach led to a federal criminal investigation due to compromised personal information of millions of patients, underscoring the critical need for stringent data protection measures in healthcare services.