Some personal information from University of Chicago Medicine patients and donors was mistakenly exposed on June 3, the health system confirmed to the Chicago Tribune.
U of Chicago Medicine received a tip from independent security researcher Bob Diachenko that a database of patient information was involved in a data breach. Mr. Diachenko said the database contained nearly 1.7 million records.
However, on June 4, a spokesperson for the health system said the database contained information from "substantially fewer individuals" than 1.7 million. U of Chicago Medicine did not provide additional details on the depth of the data breach.
U of Chicago Medicine is now investigating the data breach. It has determined that no unauthorized parties gained access to the database, beyond Mr. Diachenko. The database has since been secured.
A vendor misconfiguring a server caused the information exposure, the health system said in a statement to the Chicago Tribune.
"The University of Chicago and the University of Chicago Medical Center take data privacy very seriously and work vigorously to protect the confidentiality and security of sensitive information," the health system said.
Mr. Diachenko and his team use search engines to find data vulnerabilities and then alert the affected organizations.
More articles about health IT:
HHS OIG warns against genetic testing scam
Battle of the coasts: How Boston-based digital health companies compete with Silicon Valley for tech talent
Smaller tech 'tweaks' add up to make a big impact on clinical care