Notice of Data Security Incident

Superior Air-Ground Ambulance

Superior Air-Ground Ambulance Service, Inc., on behalf of itself and relevant affiliated covered entities and subsidiaries, including Metro Paramedic Services, Inc. and Illinois Medi-Car, Inc., (“Superior”) recently informed Cook County Health (“CCH”) of a data security incident that may have impacted CCH patients’ information. This notice provides information about the event, our response to it, and steps impacted individuals can take to help protect their personal and protected health information. Superior has CCH patient information because CCH contracts their services to provide patients with ambulance, paratransit and/or courtesy van transportation.Impacted patients were mailed a copy of this letter to the most recent home address on file.

What Happened? In May 2023, Superior learned of unusual activity within its computer systems. They promptly took steps to secure the system and began a comprehensive investigation to confirm the full nature, scope, and impact of the event. On June 23, 2023, the investigation determined that an unauthorized actor copied certain files from the network between May 15 and May 23, 2023. Superiorthen worked to undertake a comprehensive and time-intensive review of the affected files to identify and catalogue what information was present and to whom that information relates. They also worked to determine contact information for those individuals. It is important to note that no CCH systems or records were affected by this event.

What Information Was Involved? Based on the investigation, each individual may have had different information impacted. Data elements included name, date of birth, address, and location of appointment.

What We Are Doing. Superior views its responsibility to safeguard information in its possession as a top priority. Upon learning of this incident, they promptly took steps to secure their systemsand began a thorough investigation. Since the event, Superior has been working to provide affected individuals with accurate and complete notice. They have taken steps to review policies and procedures and have added additional security measures. Superior is also providing notice of this incident to potentially impacted individuals along with guidance on how impacted individuals can better protect their information. Superior has also notified relevant state and federal regulators as applicable.

What You Can Do. CCH and Superior encourage impacted individuals to remain aware of potential incidents of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and to detect errors.

For More Information. If you have questions about this incident, please call our dedicated assistance line at 1-833-566-2450, 8:00 am to 8:00 pm Eastern time, Monday through Friday, excluding holidays. You may also write to Superior directly at: 395 W. Lake St., Elmhurst, Illinois 60126.

 

Notice of Data Security Incident

Gaia Software (Dialysis Care Centers)

Gaia Software, LLC (“Gaia”) is notifying individuals whose personal and/or protected health information may have been involved in a recent data security incident. Gaia is a third-party software company that is contracted with Dialysis Care Centers (“DCC”) to provide electronic medical record and billing management software services. Cook County Health (“CCH”) contracts with DCC to provide staffing and operational and billing support for dialysis services to CCH patients.

It is important to note that no CCH or DCC records or information systems were compromised as part of this incident.

What Happened:

On or about February 5, 2024, Gaia detected that it was the target of a cybersecurity attack. An unauthorized third party attempted to access Gaia’s computer network. Once aware of the incident, Gaia secured its network environment and started an investigation. The investigation was performed with the help of independent information technology (“IT”) security and forensic investigators to determine the scope and extent of the unauthorized access to its systems and any personal and/or protected health information. Gaia then provided notice of this data security incident to DCC on February 19, 2024 and DCC notified CCH on February 29, 2024. During the investigation, it was confirmed to CCH that personal and/or protected health information of current and former patients may have been accessed on April 19, 2024.

What Information Was Involved:

While Gaia found no evidence that information was accessed for the purpose of misuse, it is possible that patients’ name, mailing address, date of birth, social security number, health insurance information, and/or health information could have been accessed. The types of information affected were different for each individual, and not every individual had all of the information listed above exposed.

As of this writing, Gaia has not received any reports of related identity theft since the date of the incident.

What We Are Doing:

The security and privacy of our patients’ information remains one of CCH’s top priorities. CCH confirmed that Gaia engaged cybersecurity experts and is taking steps to prevent a similar event from occurring in the future. Gaia also added additional safeguards and security measures to better protected the privacy and security of its systems, as well as improved its policies and procedures relating to the security of its systems and information life cycle management.

In response to the incident, CCH and DCC are providing affected individuals with access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score/Cyber Monitoring services at no charge. These services provide affected individuals with alerts for 12 months from the date of enrollment when changes occur to their credit file. The notification is sent the same day as the change or update takes place with the credit bureau. Cyber Monitoring will look out for personal data on the dark web and alert affected individuals if their information is found online.

CCH and DCC are also providing affected individuals with proactive fraud assistance to help with any questions, or in the event an affected individual becomes a victim of fraud. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services.

For More Information:

Individuals should refer to the notice they received in the mail regarding steps they can take to protect themselves. If an individual believes they may have been impacted by this incident but did not receive a letter in the mail, representatives will be available to assist with questions regarding this incident between the hours of 8:00 a.m. to 8:00 p.m. Eastern time, Monday through Friday, excluding holidays. Please call the help line at 1-800-405-6108.

 

Notice of Data Security Incident
en_USEnglish