A phishing incident involving the emails of workers at University of Chicago Medical Center may have exposed the personal information of about 10,300 people, according to the hospital.
The email accounts of several hospital workers were accessed between Jan. 4 and Jan. 30, the hospital said in a news release. When the hospital learned of the incident, it took steps to secure those email accounts, and it launched an investigation.
In late March, the hospital determined that the email accounts contained health information, and for some people may have also included Social Security numbers, passport numbers, driver’s license numbers, insurance information, billing information and access information, such as security questions and answers.
“UCMC remains committed to protecting the confidentiality of all faculty, staff, students and patients and takes cybersecurity threats to its systems seriously,” the hospital said in a news release. “It has taken steps to prevent a similar occurrence from happening again, including implementation of additional technical safeguards.”
Phishing is when cybercriminals attempt to access sensitive data through fraudulent emails or websites, according to the National Institute of Standards and Technology.
Affected individuals may call 833-918-4065 Monday through Friday from 8 a.m. to 8 p.m. with questions.
The security incident follows a string of high-profile cyberattacks on health care institutions in the Chicago area and across the country. Earlier this month Ascension, which has 14 hospitals in Illinois, said it was the victim of a ransomware attack. The attack led Ascension to postpone some nonemergency elective surgeries, tests and appointments and temporarily divert ambulances carrying new patients from one Illinois hospital.
In January, Lurie Children’s Hospital in Chicago also faced a cyberattack. It took more than a month for Lurie to get all of its systems back online after the attack.
Health care institutions are often targets for cybercriminals because of their size, their dependence on technology and the large amounts of sensitive data they hold, according to the U.S. Department of Health and Human Services.