An employee leaks a file with patients' data


Back to news

At Chicago Rush Medical Center, an employee of one of the hospital system’s billing processing vendors, has exposed patients’ data. The details included names, addresses, social security numbers and health insurance information. The file was shared with an unauthorized party and affected about 45,000 Medical Center clients.

There was no medical data compromised. Although the leakage happened in May 2018, the incident was discovered only on January 22. The details were stated in a financial filing on February 12 and on February 25 the patients whose data was breached got an email from the Center commenting the situation.

It is not clear whether a document was shared accidentally or maliciously, the human factor is the reason why the personal data was leaked.

Rush claims that the contract with the vendor has been suspended and that the internal procedures and contracting processes are now being reviewed.

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.