Notice of Security Incident
At the University of Chicago Medical Center (UCMC), we are committed to protecting the confidentiality and security of your personal information. We are posting this notice because UCMC was recently the victim of an email security incident that may have resulted in unauthorized access to certain personal information. At this time, we are not aware of any misuse of the personal information potentially affected by this incident.
Was I affected by this incident?
UCMC is in the process of providing separate written notification to affected individuals for whom we have mailing addresses. We are posting this notice pursuant to Federal law for those individuals for whom we do not have mailing addresses. Ordinarily, if you were a patient at UCMC, we have your last known address.
From March 24, 2022, to March 31, 2022, there was unauthorized access to the email accounts of several UCMC employees. Upon learning of this incident on March 24, 2022, we took steps to terminate the unauthorized access and secure the affected email accounts. We also promptly began an investigation into the incident with assistance from a leading cybersecurity firm and performed an analysis of the impacted email accounts.
What information was involved?
The impacted UCMC employees’ email accounts contained the following types of personal information about the affected individuals, but not all of these were present for each individual: first and last name; Social Security number; health information, such as diagnoses and prescriptions; legacy Medicare beneficiary identification number that includes Social Security number; health insurance policy number; and driver’s license number. The individuals whose information was affected by this incident included UCMC patients and their family members and others who received services from us.
What We Are Doing
We have implemented additional security measures to prevent the occurrence of a similar event in the future. For example, we have enhanced our user authentication controls and our threat monitoring and detection processes. We are also providing ongoing training to our employees on the importance of email security.
What You Can Do
We encourage you to remain vigilant for threats of fraud and identity theft by regularly reviewing your account statements and credit reports. We also encourage you to read account statements from your health care providers, explanations of benefits from your health plan, and other documents related to medical services to make sure they do not include services you did not receive.
For More Information
If you have any questions or concerns, please contact us toll-free by calling (855) 503-2963, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time.