Rush System for Health says personal information from about 45,000 patients may have been compromised in a data breach.
The health system said in a recent financial filing that the exposed data may include names, addresses, birthdays, Social Security numbers and health insurance information. Rush said that to its knowledge none of the data had been misused and didn’t include medical information. Officials say the breach happened after an employee of one of Rush’s financial services vendors improperly shared a file with an unauthorized party. They say it likely happened in May 2018.
Rush officials discovered the breach Jan. 22. They are offering affected patients a free one-year membership to an identity protection service.
The health system has three hospitals in the Chicago area, including Aurora, Chicago and Oak Park.