A former employee at revenue cycle management vendor Med-Data uploaded patient information from Houston-based Memorial Hermann Health System and University of Chicago Medicine sometime during or before September 2019, according to a March 31 Chicago Sun-Times report.
Five things to know:
1. Med-Data notified Memorial Hermann and UChicago Medicine of the breach March 31. The company said it discovered the incident in December, CBS affiliate KHOU reports.
2. An internal investigation found that a former Med-Data employee saved client files to personal folders created on a public-facing website sometime during or before September 2019. Med-Data removed the files Dec. 17, 2020.
3. UChicago Medical Center said almost 900 of its patients may have been affected by the security breach at Med-Data, according to the Chicago Sun-Times.
"The exposure of information occurred on Med-Data’s end," the hospital said in a statement. "At this time, the company has confirmed it has no knowledge of any actual or attempted misuse of the information of our patients."
4. The files uploaded to the website contained information including patients' names and in some cases birthdates, Social Security numbers, addresses and healthcare data.
5. Med-Data did not say whether it would press charges against the former employee who uploaded the information. The company is offering affected individuals a free year of credit monitoring and identity theft protection services.