• 5
  • Hospitals
  • 5
  • IA
  • 5
  • UI Community Home Care, a subsidiary of University of Iowa Health System

UI Community Home Care, a subsidiary of University of Iowa Health System

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at UI Community HomeCare, a subsidiary of the University of Iowa Health System, was discovered on March 23, 2023, when the organization found encrypted files on certain computer systems. An internal investigation was immediately launched to understand the extent and nature of the breach[1]. This incident was part of a broader trend of cyberattacks targeting healthcare providers, largely because of the valuable and sensitive patient information these organizations hold, which can be used for identity theft and fraud[4].

The investigation confirmed that an unauthorized party had gained access to the company’s computer network on March 23, 2023. It was later determined that some of the compromised files contained confidential information belonging to certain individuals. The types of information that were compromised varied but could include names, dates of birth, addresses, phone numbers, medical record numbers, referring physicians, dates of service, health insurance information, billing and claims information, medical history, diagnosis, and treatment information[4].

As a result of the breach, UI Community HomeCare began reviewing the affected files to determine exactly what information was compromised and which consumers were impacted. On May 24, 2023, the organization filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights and began sending out data breach notification letters to all 67,897 individuals who were impacted by the security incident[4].

UI Community HomeCare provides home healthcare services, including the delivery of durable medical equipment and infusion therapy. It is part of the University of Iowa Health System, one of the largest healthcare systems in Iowa, employing more than 16,500 people and generating approximately $1.8 billion in annual revenue[4].

In response to the breach, UI Community HomeCare has likely taken steps to secure its systems, review and enhance its data protection measures, and comply with regulatory requirements regarding the breach. Affected individuals were advised to monitor their accounts and credit reports for signs of identity theft or fraud and to take advantage of any credit monitoring services offered by UI Community HomeCare as part of their response to the breach[4].

Citations:

  1. https://www.uicommunityhomecare.org/ui-community-homecare-data-privacy-event
  2. https://www.kcrg.com/2023/01/31/uihc-website-possibly-hit-by-cyber-attack/
  3. https://www.ibm.com/topics/data-breach
  4. https://www.jdsupra.com/legalnews/ui-community-homecare-files-notice-of-8252280/
  5. https://www.wqad.com/article/news/local/university-of-iowa-hospitals-and-clinics-website-russian-hackers-cyber-attack/526-7b128882-1142-48a4-a5f6-2769562e300c
  6. https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
  7. https://www.thegazette.com/higher-education/lawsuit-accuses-university-of-iowa-health-system-of-negligence-for-data-breach/
  8. https://www.techtarget.com/searchsecurity/news/366538296/Iowa-hospital-discloses-breach-following-Royal-ransomware-leak
  9. https://www.trendmicro.com/vinfo/us/security/definition/data-breach
  10. https://www.beckershospitalreview.com/cybersecurity/former-staff-patient-sue-iowa-health-system-over-march-breach.html
  11. https://www.kcrg.com/2023/11/28/lawsuit-filed-against-univ-iowa-community-homecare-following-data-breach/
  12. https://www.kaspersky.com/resource-center/definitions/data-breach
  13. https://www.thelyonfirm.com/blog/ui-community-homecare-data-breach-investigation/
  14. https://www.public-health.uiowa.edu/incident-handling/
  15. https://www.csoonline.com/article/534628/the-biggest-data-breaches-of-the-21st-century.html
  16. https://original.newsbreak.com/@openclassactions-com-1602283/3054439463605-are-you-a-university-of-iowa-health-care-patient-you-may-be-owed-compensation-over-a-medical-information-data-breach
  17. https://www.fortinet.com/resources/cyberglossary/data-breach
  18. https://www.teiss.co.uk/news/ui-community-homecare-says-march-data-breach-impacted-more-than-67000-patients-12315
  19. https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/what-data-breach-and-what-do-we-have-do-case-data-breach_en
  20. https://beyondmachines.net/event_details/ui-community-homecare-reports-data-breach-affecting-more-than-60000-individuals-j-u-7-9-6
  21. https://www.mcafee.com/learn/what-is-a-data-breach-and-how-do-you-avoid-it/
Breach Submission Date May 24, 2023
Converted Entity Name UI Community Home Care, a subsidiary of University of Iowa Health System
Converted Entity Type Healthcare Provider
State IA
Individuals Affected 67,897
Breach Type Hacking/IT Incident

Breach Information Location Electronic Medical Record, Network Server

Business Associate Present Yes