38K UChicago Medicine patients affected by debt collector’s data breach, officials say

May 29, 2025 – Published on CBS News Chicago

A data breach last summer might have exposed the personal information of nearly 40,000 patients of a University of Chicago Medicine medical group, the hospital system announced Wednesday.

A spokesperson said the incident was part of a nationwide data breach from third-party vendor Nationwide Recovery Services, who notified the hospital in April that they had experienced a cybersecurity incident of July 2024.

Nationwide Recovery Services is used by a wide variety of hospitals across the country, and multiple medical groups have reported being affected by the growing security incident.

The data breach follows to other similar incidents at other hospital systems in the past year, and that’s why security experts said the latest incident should be a reminder for everyone to be aware of an uptick in these breaches or attacks in the healthcare field.

Last year, Lurie Children’s Hospital experienced a nearly month-long network outage after a cyberattack. The group Rhysida claimed responsibility for that attack and appeared to be selling data for more than $3 million on the dark web.

“That’s a lot harder to be on the lookout for, but also at the same time has much more wide-reaching effects outside of just Chicago,” said Jason Baker of GuidePoint Security, a cyber threat intelligence expert, who spoke to the CBS News Chicago investigators about the attack on Lurie last year.

Baker said the UChicago incident stands out because it’s a third-party breach.

Read and Watch More HERE.