Patients at University of Chicago Medical Center may have had personal information exposed in an email hack of the hospital’s workers.
Unauthorized access to a “small number” of workers was made between Jan. 4 and Jan. 20, according to the hospital.
The hospital said it took steps to secure the affected email accounts and began investigating the phishing incident with a cybersecurity firm Jan. 6.
By March 28, the hospital said its investigation concluded that personal information was made available in at least one of the impacted accounts.
A plethora of personal information was contained in the impacted employees’ emails, but not all of the information was present for each patient who may have been affected, the hospital said. Patients’ family members and others who received services from the medical center also may have had information exposed.
That information includes the following: names, dates of birth, Social Security numbers, tax identification numbers, IRS PIN, passport numbers, bank account information, credit card numbers, and medical records, such as diagnosis and treatment information, provider names, prescriptions and health insurance information.
The medical center has informed people who may have been affected. People can contact the hospital at (833) 918-4065 to inquire about the incident and should use the reference number B123133, the hospital said.
The University of Chicago Medical Center said it has since implemented heightened security measures, such as enhancing its threat monitoring and detection process, and is providing email security training to its employees “to prevent the occurrences of a similar event.”