A third-party billing processing vendor inadvertently exposed the personal information of 45,000 Chicago-based Rush University Medical Center patients, The Chicago Tribune reports.
What you should know:
1. Patient names, addresses, birthdays, Social Security numbers and insurance information were exposed. The exposed data did not include medical or financial information and Rush does not believe the data has been misused.
2. Rush sent out a letter to patients who were potentially affected.
3. Rush believes the vendor exposed the data on in May 2018. Rush was made aware of the incident Jan. 22.
4. Rush suspended its contract with the vendor and is offering those affected one year of free credit monitoring.
5. This is the second recent data breach for Rush, which inadvertently exposed the names of 908 patients in a paper mailing announcing the retirement of a nurse practitioner in February.