Data breach impacts 900 University of Chicago Medical Center patients

Patient files — including names, social security numbers and health data — were uploaded to a public website by a former employee of a data processor that includes the medical center among its clients, officials said Wednesday.

SHARE Data breach impacts 900 University of Chicago Medical Center patients
The University of Chicago Medicine located at 5841 S. Maryland, in the Hyde Park neighborhood.

The University of Chicago Medical Center located at 5841 S. Maryland, in the Hyde Park neighborhood.

Tyler LaRiviere/Sun-Times file

A former employee at a national health care data processor that includes the University of Chicago Medical Center among its clients uploaded patients’ private information to the internet in 2019, potentially revealing their Social Security numbers and physical addresses and other sensitive data, officials said Wednesday.

The University of Chicago Medical Center said that nearly 900 of its patients might have been affected by the security breach at Med-Data, an Ohio-based company that provides revenue cycle services to health care providers and patients.

“The exposure of information occurred on Med-Data’s end. At this time, the company has confirmed it has no knowledge of any actual or attempted misuse of the information of our patients,” the University of Chicago Medical Center said in a statement.

“Med-Data has assured UCMC that it has taken all necessary and appropriate steps to secure this information and mitigate any personal financial risk to UCMC patients,” the medical center said.

Med-Data was notified by a journalist in December that patients’ data appeared on a public website, and found that a former employee had uploaded patients’ files to personal folders on the site on or before September 2019, the company said.

Cybersecurity experts confirmed that the files contained patients’ names and, in some cases, their birthdates, Social Security numbers, addresses and health care information, among other private information, Med-Data said in a written statement.

Med-Data mailed a letter to the affected individuals Wednesday to notify them of the data breach, and is offering a year of free credit monitoring and identity theft protection services to them, the company said.

The company did not say whether it would be pressing charges against the former employee who uploaded the information. Med-Data did not respond to a request for further comment.

The Latest
The Hawks battled hard in the third period but in the third period only, ultimately falling 5-4 for their eighth straight defeat.
Will Smith sticks to Movie Star mode as a family man dodging hunters, bullets, a gator and a snake while fleeing slavery.
While Zach LaVine still was trying to figure out a way to find his timing and end an eight-game shooting slump, Booker was showing the Bulls what a max-contract shooting guard should do, lighting them up despite playing only three quarters.
Anthony Demirov is just a sophomore, but he has the scoring ability to carry his team for a crucial quarter and the confidence and resolve to knock down free throws with the game on the line.