The personal information of about 38,000 patients of a UChicago Medicine medical group may have been exposed in a cybersecurity incident involving one of the group’s vendors.
UCM Medical Group said in a news release that one of its vendors — debt collection agency Nationwide Recovery Service — notified the group that in July an unauthorized person accessed the company’s systems. The person obtained information from certain files and folders, according to the news release.
The exposed information may have included first and last names, addresses, dates of birth, Social Security numbers, financial account information and/or medical-related information. Nationwide Recovery Service told the medical group it is not aware, at this point, of any misuse of the information, according to the release.
The medical group has terminated its relationship with Nationwide Recovery Service and has sent notices to affected individuals. The medical group was formerly known as Primary Healthcare Associates.
“UCM Medical Group remains committed to protecting the confidentiality of all patients and we take this seriously,” the group said in a news release.
Nationwide Recovery Service works with health care providers to help them recover money from unpaid bills, among other services.
A number of other health care systems have also been affected by the incident, including Northeast Georgia Health System, Erlanger Western Carolina Hospital in North Carolina and Harbin Clinic in Georgia.
Cybersecurity incidents and data breaches at health care systems across the country have become increasingly common. Cybercriminals often target health care systems partly because they hold large amounts of sensitive information.
In recent months, Loretto Hospital on Chicago’s West Side reported that the personal information of more than 500 people may have been exposed in a hacking incident there.
Cybercriminals attacked Chicago’s Lurie Children’s Hospital last year, and it took more than a month for Lurie to get all of its systems back online after the attack. Cybercriminals also targeted health system Ascension last year, which had 14 hospitals in Illinois at the time.