25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Chicago’s Saint Anthony Hospital Reports Breach Affecting 146,000 Individuals

Posted By on Apr 21, 2026

Saint Anthony Hospital, a nonprofit, faith-based, acute care, community hospital in Chicago, has started notifying individuals about unauthorized access and/or theft of some of their personal and protected health information. The substitute breach notification does not state when the unauthorized access was detected, only that an unauthorized third party accessed and/or acquired certain files and folders of unstructured data from its email system on February 27, 2025. The forensic investigation confirmed that electronic medical records were not affected by the incident.

More than a year after the unauthorized access occurred, notification letters are being sent to the affected individuals. Saint Anthony Hospital said the third-party specialists engaged to review the affected files completed their review on February 13, 2026, and notification letters started to be mailed to the affected individuals on March 6, 2026, after the results of the data review were verified and contact information was obtained.

The substitute breach notice on the Saint Anthony Hospital website does not state what types of information were involved; however, the hospital had previously disclosed in November 2025 that names, addresses, dates of birth, Social Security numbers, medical record numbers, patient account numbers, prescription information, and medical histories were involved. Back in November, the hospital reported that approximately 6,600 patients and employees had been affected; however, the breach notice submitted to the HHS’ Office for Civil Rights shows that the breach was much larger, involving the protected health information of 146,108 individuals.

While no evidence has been found to suggest any actual or attempted misuse of patient data, the affected individuals have been advised to exercise caution and monitor their free credit reports, financial accounts, and explanation of benefits statements carefully for signs of data misuse. Complimentary credit monitoring and identity theft protection services do not appear to have been offered to the affected individuals.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist