Data breach reported by Chicago hospital system affects 45,000

Rush System for Health in Chicago revealed in a recent quarterly report that the personal information of approximately 45,000 patients was compromised in a data breach.

Rush discovered the breach on January 22 when it learned that an employee of a third-party claims processing vendor gave an unauthorized user access to a file that contained patient information, CBS Chicago reports. The patient information exposed in the breach includes:

• Addresses
• Birthdates
• Health insurance information
• Names
• Social Security numbers

In response to the breach, Rush suspended its contract with the vendor and began to notify affected patients. According to the Chicago Tribune, Rush started notifying patients nearly a month after discovering the breach, because it took time to review all the data and to set up a call center to assist affected patients. Rush is also reviewing its contracting processes and internal procedures.

This breach is the second reported this year by the hospital system. In February, Rush University Medical Center reported that it sent incorrectly addressed envelopes to 908 individuals containing a letter notifying patients of a nurse practitioner’s retirement at its Epilepsy Center.