Millions of patients in the US could have had their personal details jeopardised, as computers were stolen from the Advocate Medical Group.
Among the data stored on the computers were names, dates of birth, addresses, social security numbers and some clinical information.
Although the systems were password-protected, there is still widespread concern in the US that the information could be exploited if it ends up in the wrong hands.
The computers, however, did not contain exhaustive medical records or financial data – although the information was unencrypted.
The breach occurred on July 15, meaning it has taken Advocate Medical Group more than a month to determine just how severe the incident was and no doubt take a look at its vulnerability management strategies in the process.
Speaking to the Chicago Tribune, senior vice-president and chief marketing officer at Advocate Health Care Kelly Jo Golson said: "There was a large volume of data on the computers, and the format of the data was very complex.
"We were very comprehensive and thorough in our analysis of the data to ensure we were notifying every patient who may be affected."
The stolen computers are yet to be found by the US authorities and an investigation is underway.