Strauss Borrelli PLLC, a leading data breach law firm, is investigating the University of North Carolina at Chapel Hill and the University of North Carolina Hospitals (“UNC-Chapel Hill” and “UNC Hospitals”) regarding its recent data breach. The UNC-Chapel Hill and UNC Hospitals data breach may have involved sensitive personal identifiable information and protected health information belonging to over 7,100 individuals.
ABOUT THE UNIVERSITY OF NORTH CAROLINA AT CHAPEL HILL AND THE UNIVERSITY OF NORTH CAROLINA HOSPITALS:
UNC-Chapel Hill is a public university based in North Carolina. Chartered in 1789 and opened for students in 1795, UNC-Chapel Hill a range of bachelor’s degree, master’s degree, and doctoral programs across the university’s schools, including the College of Arts and Sciences, the School of Medicine, the School of Law, the School of Education, the Hussman School of Journalism and Media, and more.2,3,4 Headquartered in Chapel Hill, North Carolina, UNC-Chapel Hill employs over 10,000 individuals.3
Additionally, UNC Hospitals is a public, academic medical center operated by the University of North Carolina (“UNC”) which includes UNC Hospitals and community clinics staffed with UNC Faculty Physicians.5 Operating since 1952, UNC Hospitals offers medical care to more than 37,000 people each year, providing patient services for medical needs related to cardiovascular systems, diabetes, lung, spine, wound management, transplants, rehabilitation, oncology, endocrinology, gynecology, family medicine, and more.5 Headquartered in Chapel Hill, North Carolina, UNC Hospitals employees over 7,100 individuals and offers services at multiple health centers across North Carolina.5
WHAT HAPPENED?
Recently, UNC-Chapel Hill and UNC Hospitals announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the notice shared on its website, on July 24, 2025, UNC-Chapel Hill and UNC Hospitals learned that an unauthorized person may have gained access to the email account for a faculty member at UNC-Chapel Hills’ School of Medicine (“SOM”) through an email phishing incident.1 As a result, UNC-Chapel Hill and UNC Hospitals launched an investigation to determine the nature of the incident.
Through its ongoing investigation, UNC-Chapel Hill and UNC Hospitals have confirmed that the sensitive personal information and protected health information in the affected SOM faculty email account may have been accessed by an unauthorized third party during the breach.1 As a result, UNC-Chapel Hill and UNC Hospitals began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Driver’s license number
- Financial account information
- Date of birth
- Medical information (diagnosis and treatment information, information about research study participation)
- Health insurance identification number
On September 19, 2025, UNC-Chapel Hill and UNC Hospitals posted notice of the breach to its websites and began mailing data breach notification letters to impact individuals. Furthermore, UNC-Chapel Hill School of Medicine and UNC Hospitals filed an official notice of the data breach with the U.S. Department of Health and Human Services’ Office for Civil Rights on September 19, 2025.6 Based on the website breach notice, UNC-Chapel Hill and UNC Hospitals is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. 1 A link to website breach notice is below.
If you received a breach notification letter from the University of North Carolina at Chapel Hill or the University of North Carolina Hospitals:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS:
[1] https://www.med.unc.edu/press-release/notice-of-a-data-security-incident-9-19-2025/
[3] https://www.linkedin.com/school/university-of-north-carolina-at-chapel-hill/about/
[4] https://www.unc.edu/schools/
[5] https://www.uncmedicalcenter.org/uncmc/about/
[6] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
