CHICAGO —Thousands of patients at Rush University Medical System in Chicago may have had their personal information compromised in a massive data hack.
The data breach came from a third-party vendor working with Rush. According to a financial filing, Rush learned about the breach on January 22. It was due to an employee of the vendor sharing a file with “an unauthorized party” in May Of 2018.
45,000 patients are potentially affected.
Hospital officials continue to investigate. The vendor has been suspended.
Rush said no data released contained medical information and to its knowledge, none of it has been misused so far. One-year credit monitoring is offered to each the 45,000 affected
Governors State University cyber security expert Bill Kresse said a Pandora’s Box has been opened and the hacker could sit on the information for years before acting on it.
“That is extremely dangerous because the name, date of birth and social security number are the key to the kingdom to an identity theft, Kresse said. ”With that info you can open up credit cards, loans ... it’s personal identifying information.”
Kresses said in similar circumstances, lawsuits have been filed he expects the same for this.