Personal information of patients at the University of Chicago Medical Center may have been exposed in a hack of hospital staff emails.
The hospital said the unauthorized access to the email accounts of a “small number” of workers occurred between Jan. 4 and 20.
According to a memo sent to employees by the hospital, about 10,300 people, including patients, their family members and others who received care from the medical center, may have been affected.
The hospital said it took steps to secure the affected email accounts and began investigating the phishing incident with a cybersecurity firm on Jan. 6.
By March 28, the hospital said its investigation had concluded that personal information was available in at least one of the affected accounts.
The hospital said the affected employees' emails contained a huge amount of personal information, but not every type of information was present for every patient who may have been affected.
This information includes names, dates of birth, Social Security numbers, Tax Identification Numbers, Internal Revenue Service Personal Identification Numbers, passport numbers, bank account information, credit card numbers, medical records, such as diagnosis and treatment information, provider names, prescriptions, and health insurance information.
The medical center has notified people who may have been affected by the incident. People can call the hospital at (833) 918-4065 to inquire about the incident and should use reference number B123133, the hospital said.
The University of Chicago Medical Center said it has since implemented heightened security measures, such as enhanced threat monitoring and detection, and is providing email security training to its employees “to prevent a similar event from occurring.”