As many as 8,862 individuals may have had their personal information compromised because of a data breach at Silver Cross Hospital in New Lenox.
Silver Cross discovered in June that some patient information may have leaked onto the internet after a vendor that manages parts of its website upgraded its software, according to a letter sent earlier this month to those potentially affected. The upgrade may have reconfigured some security settings, resulting in the breach.
Data at risk includes information patients typed into various forms on the hospital's website, such as the "contact" page and forms for maternity pre-registration, said Tracy Simons, a spokeswoman for Silver Cross. The forms may have included people's names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance numbers and information about health conditions, if people typed that into the forms.
Those who filled out forms on the website between January 2013 and June 14, 2017, may be affected.
Silver Cross, however, "has discovered no evidence" that anyone has inappropriately accessed the information, according to the letter.
Simons said Tuesdaythat she could not immediately name the vendor involved in the breach, and she said she didn't know of any other hospitals affected.
The hospital is offering a year of free credit monitoring to those who may have been affected. It already has contacted the vendor to stop any potentially inappropriate access to the information.
The hospital also hired a computer forensics firm to investigate the incident. Silver Cross is working with the vendor to improve security and is reviewing policies and performing additional training.
Silver Cross self-reported the incident to the U.S. Department of Health and Human Services' Office for Civil Rights, which investigates such matters, Simons said.
Attempts to reach the Office for Civil Rights were not immediately successful Tuesday.