Patient claims identity theft after Advocate breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://abclocal.go.com/kfsn/story?id=9246883

September 12, 2013 (PARK RIDGE, Ill.) -- A man says he is a victim of
identity theft after his personal information was on one of the
computers stolen from the Advocate Medical Group in suburban Park
Ridge. That theft put more than 4 million patients at risk.

Some patients report identity thieves have tried to use that
information to open unauthorized accounts, and in some cases,
succeeded. A local couple was alerted when cell phone companies sent
letters confirming new accounts, accounts they knew nothing about.

Newlyweds Jason and Marquita Cook have plans for their growing family.
But plans to buy investment property or anything requiring a credit
check are on hold.

Related Content

STORY: Identity theft at Advocate puts patients at risk
STORY: Advocate Health patients file class action suit
"I'm definitely worried about the future and what's going to happen to
my name," said Jason Cook, alleged identity theft victim.

They became aware of 11 new unauthorized cell phone numbers in Jason's
name in the last few weeks. And recently they were informed by
Advocate Medical Group that Jason's personal information was among
four million patients personal information stolen.

"These are the things we found in this short time, I don't know what's
out there," said Jason Cook.

"I was very alarmed and very frustrated with the situation," said Marquita Cook.

The theft of two unencrypted computers on July 15 from an Advocate
facility on Touhy in Park Ridge was made public August 23. The Cook's
say one of the unauthorized accounts was opened on Touhy and they live
in the south suburbs.

"Not only are we talking about credit but we're talking about
livelihood because this person who has Jason's identity also has our
address," said Marquita Cook.

The Cooks are part of a class action lawsuit against Advocate alleging
insufficient protection of personal information

"It's not an area in which where any healthcare organization can take
any shortcuts or afford to be lax," said Shannon McNulty, attorney for
the Cooks.

Advocate will not discuss pending litigation but the health system's
spokeswoman says steps have been taken to better secure patient
information.

"We take seriously that our patients entrust us with their care and
we're committed to offer them support and take steps to improve," said
Kelly Jo Golson, Advocate Healthcare.

Advocate reports 100,000 patients have signed up for the free credit
monitoring offered by Advocate. Patients who were notified by Advocate
and anyone with concerns about compromised information can set up
fraud alerts with the credit bureaus.

ABC7 has learned a north suburban woman had a fraud alert which
prevented identity thieves from opening accounts.

(Copyright ©2013 WLS-TV/DT. All Rights Reserved.)
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.