Earlier this year, Rush disclosed that the personal information of about 45,000 patients may have been compromised in a data breach. That data did not include medical information, and Rush said, at the time, that to its knowledge none of the information had been misused. Rush said an employee of one of the hospital system's billing processing vendors improperly disclosed a file to "an unauthorized party," likely in May 2018, according to a letter sent to affected patients at the time.