Four computers containing personal data for some 4 million Advocate Medical Group patients were stolen last month from one of the company's Park Ridge administrative offices, hospital officials announced Friday.
The computers, stolen during an overnight burglary on July 15, contained patient information including names, addresses, dates of birth and Social Security numbers, but did not contain patient medical records, officials said.
The computers did contain some clinical information, such as treating physicians and/or departments, diagnoses, medical record numbers, medical service codes and health insurance data.
Advocate began sending letters about the burglary to affected patients Friday. The files for an estimated 4.03 million patients includes anyone who has visited a doctor in the Advocate Medical Group, a physician-led group that includes about 1,000 doctors at more than 200 locations in the Chicago area and central Illinois. It is part of Advocate Health Care, the largest health system in Illinois with 13 hospitals.
"Security is a top priority for our health care ministry. Nothing leads us to believe that the computers were taken for the information they contained or that any patient information has been used inappropriately," said Kevin McCune, Advocate's chief medical officer, in a statement.
The computers were password protected, but unencrypted, officials said.
Advocate is offering patients credit monitoring services. Instructions for enrollment will be provided in the letters sent to patients.
Stephanie Johnson, an Advocate spokeswoman, said officials have also stepped up security measures by adding 24/7 security personnel at the office where the break-in took place at 205 W. Touhy Ave.
Security cameras were in place at the time of the burglary, she said.
The Park Ridge Police Department was notified after the break-in occurred, but to date have not been able to recover the computers. Police officials did not return a call seeking comment.
Advocate officials waited more than a month to contact patients after the security breach occurred, Johnson said, because they first wanted to conduct an internal audit to see what data the computers contained, and then pinpoint which patients may have been affected.
The hospital group has set up a call center for patients who believe they may be affected and a website, www.patientnotice.org, that went live Friday.
Officials from the Illinois attorney general's office said Friday they tell consumers who call the office's identity theft hotline to:
• Consider placing a fraud alert on your credit report, which lasts for 90 days. Only one major consumer reporting agency -- TransUnion, Experian, or Equifax -- needs to be contacted.
• Obtain one of three free yearly credit reports at annualcreditreport.com and monitor the reports throughout the year.
• Consider placing a freeze on your credit report by contacting each consumer reporting agency separately in writing. That process will disable access to your credit report by any new potential creditors unless you provide the PIN that the consumer reporting agency provides to you.
The attorney general's office recommends consumers with questions contact the identity theft hotline at 866-999-5630.