Who: RUSH Hospitals and Medical Centers

When: 4 March 2019

# of records involved: 45,000 Patients

What happened: The personal information of about 45,000 Rush patients may have been compromised in a data breach

How did it happen: The exposed data may include names, addresses, birthdays, Social Security numbers and health insurance information, according to the filing. The data did not include medical information. Rush said that to its knowledge, none of the information had been misused. ​The breach is just the latest in what has been a continuing pattern of data security problems at hospitals across the nation

Outcome: Rush launched an internal investigation and suspended its contract with the vendor. Rush said it also was reviewing its internal procedures and contracting processes. Rush said that to its knowledge, none of the information had been misused. The health system is offering affected patients a free one-year membership to an identity protection service. It also recommends affected patients check their credit reports and financial accounts for suspicious activity, review their explanations of benefits documents from health insurers, and understand that they have the option of freezing their credit.