UChicago Medicine Medical Group has broken ties with a technology vendor after a data breach that potentially exposed patients' personal information.
From July 5, 2024, to July 11, 2024, an unauthorized individual gained access to Nationwide Recovery Services' systems, the debt collection and recovery management agency that UChicago formerly used. The unauthorized party obtained information from certain files and folders, UChicago said.
NRS' review and analysis of the potential impacts determined that personal information may have been involved.
WHAT'S THE IMPACT
The affected information may have included first and last name, address, date of birth, Social Security number, financial account information, and/or medical-related information tied to NRS' financial services.
While NRS indicated that they implemented additional security measures to prevent future occurrences, UChicago made the decision to terminate its relationship with the vendor. Currently, NRS says they're not aware of any misuse of the personal information.
UChicago is providing written notices to affected people for whom it has mailing addresses. It encouraged people to remain vigilant for threats of fraud and identity theft by regularly reviewing account statements and credit reports.
The organization is also encouraging people to read account statements from their healthcare providers, explanations of benefits from their health plans and other documents related to medical services to make sure they don't include services the person didn't receive.
THE LARGER TREND
A recent data breach at Yale New Haven Health affected more than 5 million people. The Connecticut-based nonprofit health system first noticed unusual activity affecting its IT systems in early March. Using assistance from external cybersecurity experts, the system's investigation determined that an unauthorized third party gained access to its network and obtained copies of certain data.
The information that was compromised varied by patient, Yale New Haven said, but may have included name and date of birth, address and phone number, Social Security number, and race or ethnicity.
A KnowBe4 report published in June showed that a surge in cyberattacks contributed to a steep rise in cyberattack costs for healthcare organizations, with the average breach cost nearing $11 million – more than three times the global average – making healthcare the costliest sector for cyberattacks.
Ransomware attacks have dominated, accounting for over 70% of successful cyberattacks on healthcare organizations in the past two years.
Jeff Lagasse is editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a HIMSS Media publication.