Data from 10,300 people may have been made public in an email incident

A phishing incident involving the emails of University of Chicago Medical Center employees may have exposed the personal information of about 10,300 people, according to the hospital.

The email accounts of several hospital employees were accessed between Jan. 4 and Jan. 30, the hospital said in a news release. When the hospital learned of the incident, it took steps to secure those email accounts and launched an investigation.

In late March, the hospital determined that the email accounts contained health information, and for some people may also include Social Security numbers, passport numbers, driver’s license numbers, insurance information, billing information and access information such as security questions and answers.

“UCMC remains committed to protecting the confidentiality of all faculty, staff, students and patients and takes cybersecurity threats to its systems seriously,” the hospital said in a news release. “It has taken steps to prevent a similar incident from happening again, including the implementation of additional technical safeguards.”

According to the National Institute of Standards and Technology, phishing occurs when cybercriminals attempt to access sensitive data through fraudulent emails or websites.

Affected individuals can call 833-918-4065 with questions Monday through Friday from 8 a.m. to 8 p.m.

The security incident follows a series of high-profile cyberattacks on healthcare facilities in the Chicago area and across the country. Earlier this month, Ascension, which has 14 hospitals in Illinois, said it fell victim to a ransomware attack. The attack led Ascension to postpone some non-emergency elective surgeries, tests and appointments and to temporarily divert ambulances carrying new patients from an Illinois hospital.

In January, Lurie Children’s Hospital in Chicago also suffered a cyber attack. It took over a month for Lurie to get all systems back online after the attack.

According to the U.S. Department of Health and Human Services, healthcare organizations are often targeted by cybercriminals due to their size, their reliance on technology and the large amounts of sensitive data they store.

Back To Top