Information of 10,300 people may have been disclosed in email incident

According to the hospital, a phishing incident involving emails from University of Chicago Medical Center employees may have exposed the personal information of around 10,300 people.

Between January 4 and January 30, the email accounts of several hospital employees were accessed, the hospital said in a press release. When the hospital learned of the incident, it took steps to secure those email accounts and launched an investigation.

In late March, the hospital discovered that the email accounts contained health information and, for some people, possibly social security numbers, passport numbers, driver’s license numbers, insurance information, billing information and access information such as security questions and answers.

“UCMC remains committed to protecting the confidentiality of all faculty, staff, students and patients and takes cybersecurity threats to its systems seriously,” the hospital said in a press release. “It has taken steps to prevent a recurrence, including implementing additional technical safeguards.”

According to the National Institute of Standards and Technology, phishing occurs when cybercriminals attempt to access confidential data through fraudulent emails or websites.

If you have any questions, please call 833-918-4065 Monday through Friday from 8 a.m. to 8 p.m.

The security incident follows a series of high-profile cyberattacks on healthcare facilities in the Chicago area and across the country. Earlier this month, Ascension, which operates 14 hospitals in Illinois, announced it had fallen victim to a ransomware attack. The attack prompted Ascension to postpone some non-urgent surgeries, tests and appointments and temporarily divert ambulances carrying new patients from an Illinois hospital.

In January, the Lurie Children’s Hospital in Chicago was also the victim of a cyberattack. It took more than a month for Lurie to get all systems back online after the attack.

According to the U.S. Department of Health and Human Services, healthcare organizations are often targeted by cybercriminals because of their size, reliance on technology, and the large amount of sensitive data they store.