University of Chicago Medical Center Data Breach Investigation
Strauss Borrelli PLLC, a leading data breach law firm, is investigating The University of Chicago Medical Center (“UChicago Medicine”) regarding its recent data breach. The UChicago Medicine data breach involved sensitive personal identifiable information and protected health information belonging to over 10,000 individuals.
ABOUT THE UNIVERSITY OF CHICAGO MEDICAL CENTER:
UChicago Medicine is a not-for-profit academic medical health system based on the campus of the University of Chicago in Hyde Park, and with hospitals, outpatient clinics and physician practices throughout Chicago and its suburbs.3 Founded in 1927, UChicago Medicine comprises the Medical Center, Pritzker School of Medicine, and the Biological Sciences Division.4 Today, UChicago Medicine offers a full range of specialty-care services for adults and children through more than 40 institutes and centers including an NCI-designated Comprehensive Cancer Center.4 In addition, UChicago Medicine has 805 licensed beds, nearly 850 attending physicians, about 2,500 nurses and over 1,100 residents and fellows.4
WHAT HAPPENED?
Recently, UChicago Medicine discovered it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed. Through its investigation, UChicago Medicine determined that an unauthorized actor gained access to this sensitive information through multiple employee email accounts between January 4 and January 30, 2024. On May 24, 2024, UChicago Medicine began notifying individuals whose information may have been impacted. The type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license or state issued ID number
- Government issued ID number (e.g., tax ID number, IRS PIN number, military ID number, passport number, non-U.S. national ID number)
- Financial information (e.g., account number, routing number, financial institution name, credit or debit card number and security code or PIN)
- Access information such as access credentials, security credentials, security questions and answers, and digital signatures
- Medical information (e.g., diagnosis and treatment information, prescriptions, provider name, medical record number or patient ID number, or hospital account record number)
- Health insurance information (e.g., Medicare or Medicaid number or health insurance subscriber number)
If you are a current or former patient of, or have received a breach notification letter from, The University of Chicago Medical Center:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS:
[1] https://apps.web.maine.gov/online/aeviewer/ME/40/e3492b21-a5c6-44c2-aa10-2070377051fa.shtml
[2] https://www.uchicagomedicine.org/about-us/privacy-practices/notice-of-security-incident
[3] https://www.uchicagomedicine.org/about-us
[4] https://www.linkedin.com/company/university-of-chicago-medicine/about/
