Data breach impacts 900 University of Chicago Medical Center patients

Patient files — including names, social security numbers and health data — were uploaded to a public website by a former employee of a data processor that includes the medical center among its clients, officials said Wednesday.

SHARE Data breach impacts 900 University of Chicago Medical Center patients
The University of Chicago Medicine located at 5841 S. Maryland, in the Hyde Park neighborhood.

The University of Chicago Medical Center located at 5841 S. Maryland, in the Hyde Park neighborhood.

Tyler LaRiviere/Sun-Times file

A former employee at a national health care data processor that includes the University of Chicago Medical Center among its clients uploaded patients’ private information to the internet in 2019, potentially revealing their Social Security numbers and physical addresses and other sensitive data, officials said Wednesday.

The University of Chicago Medical Center said that nearly 900 of its patients might have been affected by the security breach at Med-Data, an Ohio-based company that provides revenue cycle services to health care providers and patients.

“The exposure of information occurred on Med-Data’s end. At this time, the company has confirmed it has no knowledge of any actual or attempted misuse of the information of our patients,” the University of Chicago Medical Center said in a statement.

“Med-Data has assured UCMC that it has taken all necessary and appropriate steps to secure this information and mitigate any personal financial risk to UCMC patients,” the medical center said.

Med-Data was notified by a journalist in December that patients’ data appeared on a public website, and found that a former employee had uploaded patients’ files to personal folders on the site on or before September 2019, the company said.

Cybersecurity experts confirmed that the files contained patients’ names and, in some cases, their birthdates, Social Security numbers, addresses and health care information, among other private information, Med-Data said in a written statement.

Med-Data mailed a letter to the affected individuals Wednesday to notify them of the data breach, and is offering a year of free credit monitoring and identity theft protection services to them, the company said.

The company did not say whether it would be pressing charges against the former employee who uploaded the information. Med-Data did not respond to a request for further comment.

The Latest
Gutierrez has not started the past two games, even though the offense has struggled.
Rawlinson hopes to make an announcement regarding the team’s plans for an individual practice facility before the 2024 season begins.
Once again there are dozens of players with local ties moving on from their previous college stop in search of a better or different opportunity.
State lawmakers can pass legislation that would restore the safeguards the U.S. Supreme Court removed last year on wetlands, which play a key role in helping to mitigate the impact of climate change and are critical habitats for birds, insects, mammals and amphibians.
Not all filmmakers participating in the 15-day event are of Palestinian descent, but their art reclaims and champions narratives that have been defiled by those who have a Pavlovian tendency to think terrorists — not innocent civilians — when they visualize Palestinian men, women and children.