MLK Launches Investigation of South Shore Hospital Data Breach

Feb. 21, 2022 – Chicago-based South Shore Hospital notified current and former patients about a cybersecurity incident that compromised the personal information of 115,670 of its patients.  It’s investigating into the security breach revealed the files impacted may have contained first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare/Medicaid information for SSH patients and employees. On February 7, 2022, South Shore sent a letter to all persons whose data was compromised by the breach.

What Happened?

On Friday, December 10, 2021, South Shore Hospital detected unauthorized activity on its networks. Upon discovery, it activated its emergency operating protocols and hired independent computer forensic experts to investigate and determine what information may be at risk.

What is South Shore Hospital Doing in Response to the Breach?

According to the notice letter it sent to its patients, South Shore is implementing additional security controls to protect its network. South Shores says that these steps will include enforcing stronger password requirements, enabling multi-factor authentication, and additional data privacy and security awareness training for SSH’s workforce. 

South Shore is also offering identity theft protection services through IDX, a data breach and recovery services expert, at no charge to some of the patients affected. IDX services include 12 months of credit and identity theft monitoring, a $1,000,000 insurance reimbursement policy, and fully-managed identity theft recovery services.

Should You Be Concerned?

If you received a data breach notification letter from South Shore, your personal data may have been seen by unauthorized cyber-criminals. Worse, the cyber-criminals may have removed your data from the company’s network so they can sell it on the Dark Web, leaving you vulnerable to credit card fraud, identify theft, and a variety of scams.

Cybercriminals can pair the data with other available information to commit a broad range of fraud in a Class Member’s name, such as: obtaining employment; obtaining a loan; applying for credit cards or spending money; filing false tax returns; stealing Social Security, and other government benefits; and applying for a driver’s license, birth certificate, or other public documents.

Armed with personal information, cybercriminals can easily obtain tax returns or open fraudulent credit card accounts.  Social Security numbers can be used to create a false identity for someone who commits a crime, impairing the victim’s ability to gain employment or obtain a loan. It goes without saying that cybercrimes can have a significant negative financial impact on their victims, as well as cause severe emotional distress.

Victims of the breach can take a variety of measures to protect themselves as discussed below.

What You Should Do

If you received a data breach notification letter from South Shore, you should take certain steps to safeguard your identity. We recommend the following:

  • Enroll in the free credit monitoring service provided by South Shores.
  • Get your free credit report from, and check for any accounts or charges you don’t recognize.
  • Check the monitoring application regularly to see if your data has been compromised or if your data is being used for fraudulent purposes;
  • Consider placing a free credit freeze.  A credit freeze makes it harder for someone to open an account in your name.
  • Try to file your taxes early, before a scammer can. Tax identity theft happens when someone uses your Social Security number to get a tax refund or a job. Respond right away to letters from the IRS.
  • Don’t believe anyone who calls and says you’ll be arrested unless you pay for taxes or debt — even if they have part or all of your Social Security number, or they say they’re from the IRS.
  • Change your online passwords and security questions;
  • Regularly review your credit card and bank account statements for signs of suspicious activity;
  • Monitor your credit report for any unexpected changes that may be a sign of identity theft;
  • Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
  • Immediately notify your banks and credit card companies if you identify any suspicious activity

What Else Should You Do?

Data breach victims may be able to seek compensation through a class action.  Class actions are frequently filed against companies that are breached. While these cases sometimes go to trial, most data breach class action settlement and provide a variety of benefits to class members.  These benefits may include additional years of credit and identity monitoring, compensation for time spent responding to the breach, reimbursement for any losses from fraud related to the breach, or nominal damages.  If you want to learn more about data breach class actions and how you can participate in one against South Shores, you should contact a data breach attorney at Mason Lietz & Kliner as soon as possible.