UChicago Medicine Medical Group is notifying patients of a data breach involving a former third-party vendor that may have compromised individuals’ personal information.
Here are five things to know:
- Nationwide Recovery Services, a vendor previously contracted by the medical group, experienced a cybersecurity incident in July 2024 that resulted in unauthorized access to certain files and folders, according to a notice posted by UChicago Medicine.
- The breach occurred between July 5 and July 11, 2024.
- UChicago Medicine Medical Group said it was informed of the breach on April 8, 2025, and is now alerting potentially affected individuals. Those with known mailing addresses are being contacted directly, while others are being notified through public channels.
- Information potentially exposed in the breach includes names, addresses, dates of birth, Social Security numbers, financial account details and medical-related information, the group said. UChicago Medicine Medical Group said that at this time, there is no evidence that the compromised data has been misused.
- Nationwide Recovery Services has since completed a review of the incident and taken steps to enhance its cybersecurity. However, UChicago Medicine Medical Group said it has ended its relationship with the vendor in light of the breach.
