UChicago Medicine notified patients that an unauthorized user had access to some employee email accounts, putting protected health information of patients at risk.
According to UChicago Medicine's website, the health system learned March 24 that an unauthorized user had access to several employee email accounts, and that access lasted until March 31.
The email accounts contained first and last names, Social Security numbers, health information, legacy Medicare beneficiary identification numbers, health insurance policy numbers and driver's license numbers.
The HHS data breach portal reported that 2,568 patients have been affected by the email breach.
UChicago Medicine is enhancing its user authentication controls, threat monitoring and detection processes and is providing ongoing training to its employees on the importance of email security.
It is also mailing letters to all affected individuals.