Rush System for Health says personal information from about 45,000 patients may have been compromised in a data breach.
The health system said in a recent financial filing that the exposed data may include names, addresses, birthdays, Social Security numbers and health insurance information. Rush said that to its knowledge none of the data had been misused and didn't include medical information. Officials say the breach happened after an employee of one of Rush's financial services vendors improperly shared a file with an unauthorized party. They say it likely happened in May 2018.
Rush officials discovered the breach Jan. 22. They are offering affected patients a free one-year membership to an identity protection service.
"We take these matters very seriously," said spokesperson Deb Song.
The health system has three hospitals in the Chicago area, including Aurora, Chicago and Oak Park.
"Rush understands the importance of maintaining the privacy and security of patients’ information and we will maintain our diligence to prevent this in the future, including reviewing contracting processes and vendor oversight," the hospital said in a statement.