In what has become an all-too-common headline, UChicago Medicine has confirmed a cybersecurity breach that potentially laid bare the personal details of approximately 38,000 patients. The breach stemmed from an incident involving a third-party vendor, Nationwide Recovery Services, Inc., which the university previously employed for debt recovery and customer service tasks. According to a statement by UChicago Medicine obtained by the Chicago Sun-Times, the unauthorized access occurred between July 5 and July 11 of the previous year.
It wasn't until the following month that UChicago Medicine was notified of the cybersecurity incident, during which an individual managed to siphon off sensitive data from NRS systems. The data bounty may include patients' names, addresses, birth dates, Social Security numbers, financial account details, and possibly even medical information provided to NRS. This information was revealed in a release mentioned by ABC7 Chicago, which also indicated that NRS at the time was notified last month, not yet aware of any misuse of this data.
Addressing the breach head-on, UChicago Medicine has pledged to reach out to those affected via written communication to the most recent addresses on file. Moreover, an online notice has been posted by the institution for patients without an up-to-date mailing address. As the breach's ramifications are still being unraveled, UChicago Medicine has expressed its dedication to maintaining the confidentiality and security of personal information, a commitment echoed in the words of their statement, as reported by the Chicago Sun-Times.
