Saint Anthony Hospital, a nonprofit, faith-based community hospital in Chicago, has begun notifying individuals about a significant data breach involving unauthorized access to sensitive personal and protected health information. The incident, which occurred on February 27, 2025, involved an unauthorized third party accessing certain files and folders containing unstructured data within the hospital’s email system. The hospital confirmed that its electronic medical records (EMR) systems were not impacted.

The breach notification comes more than a year after the initial incident, following a detailed forensic investigation and data review process. According to the hospital, third-party specialists completed their analysis of the affected files on February 13, 2026. Notification letters were subsequently mailed to impacted individuals starting March 6, 2026, after verifying the results and obtaining accurate contact information.

While the substitute breach notice published on the hospital’s website does not specify the exact types of compromised data, earlier disclosures in November 2025 indicated that highly sensitive information may have been involved. This includes names, addresses, dates of birth, Social Security numbers, medical record numbers, patient account details, prescription information, and medical histories.

Initial reports suggested that approximately 6,600 individuals were affected; however, updated information submitted to the U.S. Department of Health and Human Services’ Office for Civil Rights reveals the breach is far more extensive. The incident is now reported to have impacted the protected health information of 146,108 individuals, significantly increasing its scale and potential risk.

Despite the scope of the breach, Saint Anthony Hospital stated that there is currently no evidence indicating actual or attempted misuse of the compromised data. Nevertheless, affected individuals have been advised to remain vigilant by monitoring their financial accounts, reviewing credit reports, and checking explanation of benefits statements for any unusual activity.

Notably, the hospital has not indicated whether complimentary credit monitoring or identity theft protection services are being offered to those affected. The absence of such support may raise concerns among impacted individuals, particularly given the sensitivity of the data involved.

This incident underscores the growing risks healthcare organizations face from cyber threats, particularly those targeting email systems and unstructured data repositories. As cyberattacks continue to evolve, healthcare providers are under increasing pressure to strengthen their security posture and ensure timely communication with affected individuals following such breaches.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com  



🔒 Login or Register to continue reading