IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Cybersecurity

Data on 10,300 at Risk in Chicago Hospital Phishing Incident

The private information of around 10,300 people — potentially including Social Security numbers, passport and driver’s license numbers — may have been compromised by bad actors targeting the University of Chicago Medical Center.

May 30, 2024 • 
Lisa Schencker, Chicago Tribune
A helicopter flies over the University of Chicago Medical Center
The University of Chicago Medical Center in Chicago's Hyde Park neighborhood. (Zbigniew Bzdak/Chicago Tribune/TNS)
Zbigniew Bzdak/TNS
(TNS) — A phishing incident involving the emails of workers at University of Chicago Medical Center may have exposed the personal information of about 10,300 people, according to the hospital.

The email accounts of several hospital workers were accessed between Jan. 4 and Jan. 30, the hospital said in a news release. When the hospital learned of the incident, it took steps to secure those email accounts, and it launched an investigation.

In late March, the hospital determined that the email accounts contained health information, and for some people may have also included Social Security numbers, passport numbers, driver’s license numbers, insurance information, billing information and access information, such as security questions and answers.

“UCMC remains committed to protecting the confidentiality of all faculty, staff, students and patients and takes cybersecurity threats to its systems seriously,” the hospital said in a news release. “It has taken steps to prevent a similar occurrence from happening again, including implementation of additional technical safeguards.”

Phishing is when cyber criminals attempt to access sensitive data through fraudulent emails or websites, according to the National Institute of Standards and Technology.

Affected individuals may call 833-918-4065 Monday through Friday from 8 a.m. to 8 p.m. with questions.

The security incident follows a string of high-profile cyber attacks on health care institutions in the Chicago area and across the country. Earlier this month Ascension, which has 14 hospitals in Illinois, said it was the victim of a ransomware attack. The attack led Ascension to postpone some nonemergency elective surgeries, tests and appointments and temporarily divert ambulances carrying new patients from one Illinois hospital.

In January, Lurie Children’s Hospital in Chicago also faced a cyber attack. It took more than a month for Lurie to get all of its systems back online after the attack.

Health care institutions are often targets for cyber criminals because of their size, their dependence on technology and the large amounts of sensitive data they hold, according to the U.S. Department of Health and Human Services.

©2024 Chicago Tribune, Distributed by Tribune Content Agency, LLC.

Tags:

Health and Human ServicesPrivacyCybersecurity
gov-footer-logo-2024.png
gt-footer-logo.png
ii-footer-logo.png
nav-footer-logo.png
cdg-footer-logo.png
cde-footer-logo.png
cpsai-footer-logo.png
em-footer-logo.png