Introduction to the Breach
A cybersecurity breach last summer may have exposed the personal information of about 38,000 patients within a University of Chicago Medicine Medical group. UChicago Medicine was notified of the incident last month by Nationwide Recovery Services, Inc., a now former third-party vendor that specializes in recovery management, customer service and collections.
Details of the Incident
Between July 5 and July 11, 2024, someone gained unauthorized access to NRS systems and was able to get information from certain files and folders, UChicago Medicine said in a statement.
First and last names, addresses, dates of birth, social security numbers, financial account information, and/or medical-related information that may have been provided to NRS to perform financial services on UChicago Medicine’s behalf may have been obtained, according to the release.
Response to the Breach
UChicago Medicine were mailing affected individuals with available mailing addresses while posting a notice online for impacted patients without a mailing address on file.
NRS, which has since been terminated as a third party vendor, was not aware of any misuse of the personal information, the release said.
Extent of the Breach
Other NRS clients impacted by the data breach include the City of Chattanooga, MAK Anesthesia, Duncan Regional Hospital, Swedish Edmonds Hospital and Smile Solutions of Goodlettsville.
“UChicago Medicine Medical Group is committed to protecting the confidentiality and security of personal information,” the medical group said in the statement.
Conclusion
The cybersecurity breach at the University of Chicago Medicine highlights the importance of robust security measures to protect sensitive patient information. The termination of NRS as a third-party vendor and the notification of affected individuals are steps in the right direction, but it is crucial for organizations to continually assess and improve their cybersecurity protocols to prevent such incidents in the future.
FAQs
- Q: How many patients were affected by the breach?
A: Approximately 38,000 patients within the University of Chicago Medicine Medical group were affected. - Q: What information was potentially exposed?
A: First and last names, addresses, dates of birth, social security numbers, financial account information, and/or medical-related information may have been obtained. - Q: Has the vendor responsible been held accountable?
A: Yes, NRS has been terminated as a third-party vendor by UChicago Medicine. - Q: Are there any indications of the data being misused?
A: According to the release, NRS was not aware of any misuse of the personal information. - Q: What actions are being taken to notify affected individuals?
A: UChicago Medicine is mailing affected individuals with available mailing addresses and posting a notice online for those without a mailing address on file.
