
Cyber Incident Victim: CareATC

Date:

Jul 2021

Location:

United States of America

Summary

A healthcare provider experienced a cyberattack causing a network outage, compromising data for over 655,000 patients. Unauthorized actors accessed portions of the network containing patient names, contact details, diagnosis and procedure codes, treatment dates, and Social Security numbers for some individuals, though no financial data was affected. The organization provided affected individuals with complimentary credit monitoring and identity theft protection while enhancing cybersecurity measures and reviewing security policies. Law enforcement continues to investigate the incident.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 1 technique
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On July 13, 2021, DuPage Medical Group (DMG) experienced a network outage caused by a cyberattack, disrupting its systems. The Illinois-based healthcare provider initiated an investigation with a third-party cyber-forensic specialist firm, which determined threat actors had gained unauthorized access to portions of the network between July 12 and July 13. Forensic analysis confirmed the attackers accessed specific segments of DMG’s infrastructure containing patient data but did not compromise all systems. The compromised information included names, contact details, diagnosis codes, Current Procedural Terminology (CPT) codes related to medical procedures, and treatment dates. Social Security numbers were exposed for a subset of affected individuals, though no financial information was involved in the breach.

DMG notified 655,384 patients of the incident in late August 2021, ranking it among the ten largest healthcare sector breaches reported that year. The organization offered free credit monitoring and identity theft protection services to all impacted individuals. In response to the attack, DMG implemented additional cybersecurity measures and initiated a review of its security policies and technology roadmap to prevent future incidents. Local law enforcement continued investigating the breach as of the notification date, though no specific threat actor or attack vector was publicly identified. The outage and subsequent data compromise underscored operational disruptions and risks to patient confidentiality stemming from the unauthorized network access.
