This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

CHICAGO — A large-scale data breach of NorthShore Health Systems forces the hospital to warn patients about potential cyber crimes. Now one expert thinks that other hospitals could be next.

While hospitals have been focused on the COVID-19 pandemic, in at least one case, hackers focused on them. NorthShore Hospital reported a data breach that affected an estimated 348,000 people. According to NorthShore, the information taken included:

  • Full names
  • Date of birth
  • Addresses
  • Phone numbers
  • E-mails
  • Admission and discharge dates
  • The name of the physician

Rich Stuppy isn’t connected to NorthShore or the investigation of the breach but he is one of the chief officers at Kount, specializing in data breach and fraud control. He said right now, hospitals in general have a lot on their plate.

“On one of the things that will happen is that many hospitals are limiting non-essential staff as fraudsters target them they find commonalities,” Stuppy said. “They get smarter and sharper at every one that they go to.”

In this case, NorthShore confirms that social security numbers weren’t accessed and that they moved quickly to minimize any problems.

“This incident was not a breach of NorthShore’s internal systems — no patient medical records were accessed,” the hospital said.

But targeting hospitals could become a dangerous trend. Just last week, Northwestern Memorial Hospital notified 56,000 patients that personal records were accessed. And Stuppy thinks others could follow as hackers develop a technique.

“Once they learn to exploit it, it’s copy and paste,” he said. “The businesses that are hacked are victims as well, it’s a very difficult challenge.”

NorthShore also tells me that based on the data involved, there is low risk of harm to affected individuals. They are notifying everyone impacted and reminding people to regularly monitor personal accounts for any suspicious activity.