Names, addresses, birthdays, Social Security numbers, and health insurance information of 45,000 Rush patients have possibly been compromised in a data breach. A contracted employee of Rush’s billing department inadvertently sent a file to a party that was not supposed to receive it. The third-party vendor contract has since been suspended pending an investigation. The breach was noticed on January 22nd and documented within a financial file on the 12th of February, which then led to a patient notice letter on February 25th. Rush is offering free one-year identity monitoring to patients that could have possibly been affected. This is the second incident of information being misused by Rush since the beginning of the year.
Analyst Notes
Users who may be affected should take advantage of the free identity monitoring. Credit reports and financial accounts should be checked for any unauthorized activity. If suspicious activity is noticed, their accounts should be frozen as soon as possible.
