Almost 9,000 patients of Silver Cross hospital, outside of Chicago, possibly had their data exposed due to an error made by a third-party vendor.

How many victims? 8,862

What type of information?  The information that was exposed was input by patients on the hospital’s contact and maternity pre-registration pages and includes name, address, phone number, birthdate, Social Security number, health insurance numbers and information pertaining to mental or health condition or treatment if voluntarily provided in the web form.

What happened?  Silver Cross patients who used the hospital’s online contact and maternity pre-registration pages between January 2013 and June, 14, 2017 are at risk. The data was exposed when a hospital vendor upgraded the software on Silver Cross’ website and mistakenly reconfigured the site’s security settings allowing the data visible on the internet. Only data hosted on the vendor’s site was involved, the hospital’s internal network was not affected. Silver Cross said it has not found any evidence that the information has been accessed.

What was the response?  The error was discovered on June 14, 2017 by the hospital, which immediately contacted the vendor to fix the issue. The hospital has launched an investigation into the incident and is working with the vendor and outside security consultants to ensure it does not happen again. In addition, hospital personnel will be given additional training and reviewing its cybersecurity policies. One year of credit monitoring for those affected is also being offered by Silver Cross.

Quote: “Silver Cross Hospital recently learned that a vendor that manages parts of its website experienced a data incident that affected the information of certain Silver Cross patients and others. Silver Cross is working to notify all potentially affected individuals about the incident.”

Source: Silver Cross Hospital