A cybersecurity breach last summer may have exposed the personal information of about 38,000 patients within a University of Chicago Medicine Medical group.
UChicago Medicine was notified of the incident last month by Nationwide Recovery Services, Inc., a now former third-party vendor that specializes in recovery management, customer service and collections.
Between July 5 and July 11, 2024, someone gained unauthorized access to NRS systems and was able to get information from certain files and folders, UChicago Medicine said in a statement.
First and last names, addresses, dates of birth, social security numbers, financial account information, and/or medical-related information that may have been provided to NRS to perform financial services on UChicago Medicine’s behalf may have been obtained, according to the release.
UChicago Medicine were mailing affected individuals with available mailing addresses while posting a notice online for impacted patients without a mailing address on file.
NRS, which has since been terminated as a third party vendor, was not aware of any misuse of the personal information, the release said.
Other NRS clients impacted by the data breach include the City of Chattanooga, MAK Anesthesia, Duncan Regional Hospital, Swedish Edmonds Hospital and Smile Solutions of Goodlettsville.
“UChicago Medicine Medical Group is committed to protecting the confidentiality and security of personal information,” the medical group said in the statement.
