Cyber Incident Victim: DuPage Medical Group

Date: Jul 2021

Location: United States of America

Summary

A cyberattack targeting DuPage Medical Group disrupted network systems and compromised data for over 655,000 patients. Threat actors accessed portions of the network containing patient names, contact details, diagnosis and procedure codes, treatment dates, and Social Security numbers for some individuals, though no financial information was affected. The organization engaged forensic specialists to investigate the incident, implemented additional security measures, and offered affected patients complimentary credit monitoring and identity theft protection. Law enforcement continues to investigate the attack while the medical group reviews its security policies to prevent future incidents.

Description

DuPage Medical Group (DMG) experienced a cybersecurity incident that disrupted its network systems on July 13, 2021. The organization discovered that threat actors had gained unauthorized access to its network between July 12 and July 13, prompting an immediate investigation with assistance from a third-party cyber-forensic specialist firm. Forensic analysis confirmed the attackers accessed specific portions of DMG's network containing patient data, though the full scope of systems compromised was not detailed in public disclosures. The investigation determined that personal and medical information of 655,384 patients was exposed, making this breach one of the ten largest reported in the healthcare sector during 2021. Compromised data included patient names, contact information, diagnosis codes, Current Procedural Terminology (CPT) codes related to medical procedures, and treatment dates. A subset of patients also had their Social Security numbers accessed, though no financial information was impacted by the breach. The network outage caused operational disruptions, but DMG did not specify the duration or extent of service interruptions beyond acknowledging the incident's occurrence.

DMG began notifying affected patients on or around August 31, 2021, more than six weeks after discovering the breach. The organization offered all impacted individuals complimentary credit monitoring and identity theft protection services as remediation. In response to the attack, DMG implemented additional cybersecurity measures and initiated a review of its security policies to strengthen defenses against future incidents. The medical group stated it was refining its technology roadmap as part of these security improvements, though specific technical controls or policy changes were not disclosed. Law enforcement agencies continued investigating the incident at the time of the notification, but no attribution to specific threat actors or motives was publicly identified. The breach exposed sensitive health information that could potentially facilitate medical identity theft or targeted phishing campaigns against patients, though DMG reported no evidence of actual misuse at the time of disclosure. The incident highlighted vulnerabilities in healthcare data security, particularly regarding the protection of treatment codes and identifiers that could reveal sensitive medical histories.
