Cyber Incident Victim: University of Chicago Medical Center
Date: Mar 2022
Location: United States of America
Summary
UChicago Medicine experienced unauthorized access to several employee email accounts over a seven-day period in March 2022, exposing sensitive patient information including names, Social Security numbers, health records, insurance details, and driver's license numbers. The breach affected 2,568 individuals. In response, the organization implemented enhanced authentication protocols, strengthened threat monitoring, provided additional employee training on email security, and notified the affected parties.
Description
On March 24, 2022, the University of Chicago Medical Center (UCMC) identified unauthorized access to several employee email accounts. The intrusion persisted until March 31, 2022, during which an external actor maintained illicit access to these accounts. The compromised email systems contained sensitive patient information, including full names, Social Security numbers, medical details, historical Medicare beneficiary identification numbers, health insurance policy identifiers, and driver’s license numbers. UCMC initiated an investigation upon discovery and confirmed the exposure of protected health information (PHI) and personally identifiable information (PII). The organization did not specify the exact number of breached email accounts or the method of initial compromise but acknowledged the attacker’s sustained access over the seven-day period.

The breach impacted 2,568 patients, as subsequently reported to the U.S. Department of Health and Human Services (HHS) via its public data breach portal. UCMC began notifying affected individuals after concluding its internal review, detailing the types of exposed data in communications to patients. In response, the institution implemented enhanced user authentication protocols and expanded its threat monitoring and detection capabilities. It also initiated mandatory employee training programs focused on email security best practices. UCMC mailed formal notification letters to all impacted patients, though no ransomware involvement, financial demands, or data misuse claims were disclosed in available reports. The incident remained confined to email account compromises without evidence of broader network infiltration or system-wide data exfiltration.
