Data Breaches

Breach Subtotal

Breach Type: all
Organization Type: all
Year(s) of Breach: all
Company or Organization:
Date Made Public:
February 11, 2019
Company: Rush University Medical Center
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
908

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
Date Made Public:
November 6, 2015
Company: Rush University Medical Center
Location: , Illinois
Type of breach:
DISC
Type of organization:
MED
Records Breached:
1,529

On September 9, 2015, a business associate (BA), Standard Register, erroneously mailed announcements concerning a retirement for the covered entity (CE), Rush University Medical Center, which resulted in misdirected letters being sent to the wrong patients associated with the clinic. The breach affected 1,529 individuals and included patients’ names. The CE provided breach notification to HHS, the media, and affected individuals, and provided substitute notice on its website. The CE also entered into a BA agreement with Standard Register and created policies and procedures to establish quality measures for mass mailings. OCR obtained documentation confirming that the CE implemented the corrective actions listed above.

Location of breached information: Paper/Films

Business associate present: No

Information Source:
US Department of Health and Human Services
CSV