A data breach at Rush University Medical Center in Chicago, Ill., exposed the personal information of approximately 45,000 patients.
Rush System Health revealed in a quarterly report that it learned of the breach on Jan. 22, reports CBS Chicago. It believes an employee of a third-party vendor provided someone with unauthorized access to system files.
Data inside the files included addresses, Social Security numbers, birthdates and health insurance of patients. Medical information or details on treatment, however, were not stolen.
After the discovery, Rush launched an internal investigation, reports Finger Lakes Times. The hospital says that to its knowledge, the information was not misused.
Hospital officials say they have suspended its contract with the vendor and is working to prevent future breaches.
“Although Rush is not aware of any misuse of information arising out of this incident, we are providing notice of the incident to all potentially affected individuals as well as providing notice to the Department of Health and Human Services of Civil Rights,” the quarterly report said.
Letters were sent out to affected patients on Feb. 25, who were told they will have 12 months of identity protection services for free.
It also recommended that patients check their credit reports, review their benefit plans with health insurers and consider freezing their accounts.
Last month, Rush Medical Center also accidentally exposed the names of 908 patients when it mailed a letter that was addressed incorrectly, resulting in patients learning names of other patients.
The hospital said the incident was a “low privacy risk.”
“Rush takes this matter very seriously and is committed to protecting patients’ personal information,” a statement from the hospital said.
Data breaches are becoming more common, especially at hospitals, universities and hotels that have high volumes of personal information.