An unauthorized user or users accessed the email accounts of a "small number" of University of Chicago Medicine employees, potentially compromising patient health information.
University of Chicago Medicine said that between Jan. 4 and 30, some of its employee email accounts were accessed without authorization. On March 28, University of Chicago Medicine determined that personal information was in at least one of the compromised email accounts.
According to a health system news release, patient information in the emails included names, dates of birth, Social Security numbers, credit or debit card numbers and security codes, health information and health insurance information.
University of Chicago Medicine did not say how many patients were affected by this incident but said it is mailing letters to affected patients for whom it has mailing addresses.
The health system also said it has implemented additional security measures, such as enhanced threat monitoring and detection processes.