Strauss Borrelli PLLC, a leading data breach law firm, is investigating UCM Medical Group Sub, LLC d/b/a UChicago Medicine Medical Group (“UChicago Medicine”), formerly known as Primary Health Associates regarding its recent cybersecurity incident. The UChicago Medicine cybersecurity incident involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT UCM MEDICAL GROUP SUB, LLC D/B/A UCHICAGO MEDICINE MEDICAL GROUP:
UChicago Medicine is non-profit, academic medical health system.3 Founded in 1890 with expansion into medicine in 1898, UChicago Medicine is based within the University of Chicago’s campus on the city’s South Side.3,4 Today, UChicago Medicine participates in research and clinical trials, aiding in fields such as cancer chemotherapy, organ transplants, diabetes treatment, and more.5 Additionally, UChicago Medicine is a client of Nationwide Recovery Service, which handles UChicago Medicine’s financial services. Headquartered in Chicago, Illinois, UChicago Medicine has hospitals, outpatient clinics, and physician practices in the Chicago area, and in Indiana.3
WHAT HAPPENED?
Recently, UChicago Medicine announced that its third-party vendor, Nationwide Recovery Service (“NRS”), had experienced a data breach in which sensitive personal identifiable information and protected health information from UChicago Medicine may have been compromised. According to the breach notice, on April 8, 2025, NRS informed UChicago Medicine that they were the victim of a cybersecurity incident that resulted in unauthorized access to personal information.1 As a result, NRS launched an investigation to determine the nature of the incident.
Through its investigation, NRS confirmed that sensitive personal information in its systems belonging to UChicago Medicine patients may have been viewed and obtained by an unauthorized third party between July 5 and July 11, 2024.1 As a result, NRS began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Address
- Social Security number
- Date of birth
- Financial account information
- Medical information
On May 23, 2025, UChicago Medicine posted a notice of the incident on its website and began mailing breach notices to impacted individuals. Additionally, UChicago Medicine reported the breach to the Commonwealth of Massachusetts. Based on the breach notice sent to Massachusetts’ residents, UChicago Medicine is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that UChicago Medicine posted on its website and filed with the Commonwealth of Massachusetts is below.
If you received a breach notification letter from UCM Medical Group Sub, LLC d/b/a UChicago Medicine Medical Group:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
