A data security incident at Chicago-based Sinai Health System may have exposed the personal and health information of about 12,000 patients.
In October, data forensic specialists determined that patient information could be at risk after an unknown third party gained unauthorized access to the email accounts of two employees at the four-hospital delivery system.
The forensics investigation found no evidence that any patient information was removed from Sinai Health’s email accounts or systems. The organization also is not aware of any misuse of patient information, and security executives say they’ve seen no indication that any patient data is in unauthorized hands.
Protected health information in the two email accounts included patients’ names, addresses, dates of birth, Social Security numbers, and health and health insurance information.
Sinai Health System’s notice letter of the data security incident does not mention whether the system will be offering protective services, such as credit monitoring or identity theft protection, to affected patients, but the letter assures patients that the security of patient information is a high priority.
“Sinai has taken steps to prevent a similar incident from occurring in the future, including resetting employee email passwords, conducting employee training and enhancing email filtering protocols,” the organization told patients.
Sinai Health System also has reviewed and revised information security policies that include email retention procedures and is increasing security of email systems and the organization’s information networks.
“Sinai Health System sincerely regrets any inconvenience that this incident may cause patients and remains dedicated to protecting patients’ personal and health information,” its letter to patients noted.
Additional information from Sinai Health System was not immediately available.