Company Details
university-of-chicago-medicine
7,539
83,089
62
uchicagomedicine.org
591
UCH_1944778
Completed

UChicago Medicine Company CyberSecurity Posture
The University of Chicago Medicine has been at the forefront of medicine since 1927, when we cared for our first patients. Our mission is to provide superior health care in a compassionate manner, ever mindful of each patient's dignity and individuality. To accomplish our mission, we call upon the skills and expertise of all who work together to advance medical innovation, serve the health needs of the community, and further the knowledge of those dedicated to caring. As one of the nation’s leading academic medical institutions, UChicago Medicine comprises the Medical Center, Pritzker School of Medicine and the Biological Sciences Division. Its main Hyde Park campus is home to the Center for Care and Discovery, Bernard Mitchell Hospital, Comer Children’s Hospital and the Duchossois Center for Advanced Medicine. It also has a 108,000-square-foot facility in Orland Park as well as an outpatient clinic in Chicago's South Loop, as well as affiliations and partnerships that create a regional network of doctors in dozens of Chicago-area communities. UChicago Medicine offers a full range of specialty-care services for adults and children through more than 40 institutes and centers including an NCI-designated Comprehensive Cancer Center. It has 805 licensed beds, nearly 850 attending physicians, about 2,500 nurses and over 1,100 residents and fellows. Harvey-based Ingalls Health joined UChicago Medicine’s network in 2016.
Between 650 and 699

UChicago Medicine Global Score (TPRM)

Description: A data breach at **Nationwide Recovery Services**, a third-party debt collection agency, exposed sensitive information of **38,000 University of Chicago Medicine Medical Group patients**. The compromised data included **names, birthdates, addresses, Social Security numbers, financial records, and medical details**, though University of Chicago Medical Center patients were unaffected. The breach was discovered in **July 2023**, with officials warning affected individuals to monitor credit reports and account statements for fraudulent activity. The incident highlights the healthcare sector’s vulnerability to cyberattacks, particularly those targeting third-party vendors with access to patient data. While no direct ransomware or systemic disruption was reported, the exposure of **highly sensitive personal and financial information** poses significant risks of identity theft, financial fraud, and long-term reputational damage to both the medical group and the vendor.


No incidents recorded for UChicago Medicine in 2025.
UChicago Medicine cyber incidents detection timeline including parent company and subsidiaries



A data breach at St. Anthony Hospital in Chicago might have exposed the personal information of patients and staff, officials warned on...
The breach may have exposed the personal information of 6679 people. The hospital said it has no evidence that any of the information has...
Federal prosecutors in the U.S. have accused a trio of allegedly hacking the networks of five U.S. companies with BlackCat (aka ALPHV)...
Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to...
Using AI, UChicago Medicine is implementing a system that will route those routine moments to AI agents in the first line of response,...
The University of Chicago Medical Center lost its bid to toss a wiretapping lawsuit alleging it disclosed patients' data to Meta Platforms...
Clarifying the complex and evolving U.S. regulatory framework around medical devices and wearables and the responsibilities of developers...
AdventHealth Shawnee Mission is now affiliated with UChicago Medicine Cancer Network by University of Chicago Medicine.
When Sabur Ajao earned his Certified Information Systems Security Professional (CISSP) credential in 2020, he joined an elite group of...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of UChicago Medicine is http://www.uchicagomedicine.org.
According to Rankiteo, UChicago Medicine’s AI-generated cybersecurity score is 691, reflecting their Weak security posture.
According to Rankiteo, UChicago Medicine currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, UChicago Medicine is not certified under SOC 2 Type 1.
According to Rankiteo, UChicago Medicine does not hold a SOC 2 Type 2 certification.
According to Rankiteo, UChicago Medicine is not listed as GDPR compliant.
According to Rankiteo, UChicago Medicine does not currently maintain PCI DSS compliance.
According to Rankiteo, UChicago Medicine is not compliant with HIPAA regulations.
According to Rankiteo, UChicago Medicine is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
UChicago Medicine operates primarily in the Hospitals and Health Care industry.
UChicago Medicine employs approximately 7,539 people worldwide.
UChicago Medicine presently has no subsidiaries across any sectors.
UChicago Medicine’s official LinkedIn profile has approximately 83,089 followers.
UChicago Medicine is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
No, UChicago Medicine does not have a profile on Crunchbase.
Yes, UChicago Medicine maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/university-of-chicago-medicine.
As of November 28, 2025, Rankiteo reports that UChicago Medicine has experienced 2 cybersecurity incidents.
UChicago Medicine has an estimated 30,037 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through a communication strategy that includes an advisory to affected patients to monitor credit reports and account statements.
Title: Email Security Incident at University of Chicago Medical Center
Description: The Maine Office of the Attorney General reported that the University of Chicago Medical Center experienced an email security incident allowing unauthorized access to personal information between January 4, 2024, and January 30, 2024, affecting a total of 10,332 individuals. The breach was discovered on March 28, 2024, and social security numbers were among the types of compromised information.
Date Detected: 2024-03-28
Type: Data Breach
Attack Vector: Email
Title: Data Breach at Nationwide Recovery Services Affecting University of Chicago Medicine Medical Group Patients
Description: Information from 38,000 University of Chicago Medicine (UCM) Medical Group patients was stolen following a breach of third-party debt collection agency Nationwide Recovery Services in July. Attackers obtained patients' names, birthdates, addresses, Social Security numbers, financial data, and/or medical details. The breach did not affect University of Chicago Medical Center patients. Affected individuals were advised to monitor their credit reports and account statements for potential fraud. This incident highlights the rising cybercrime targeting the healthcare industry.
Type: data breach
Motivation: financial gain, data theft
Common Attack Types: The most common type of attack the company has faced is Breach.

Data Compromised: Social security numbers

Data Compromised: Names, Birthdates, Addresses, Social security numbers, Financial data, Medical details
Brand Reputation Impact: potential reputational damage due to patient data exposure
Identity Theft Risk: high (patients advised to monitor credit reports)
Payment Information Risk: financial data compromised
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Social Security numbers, PII (personally identifiable information), PHI (protected health information) and financial data.

Entity Name: University of Chicago Medical Center
Entity Type: Healthcare
Industry: Healthcare
Location: Chicago, IL
Customers Affected: 10332

Entity Name: University of Chicago Medicine Medical Group
Entity Type: healthcare provider
Industry: healthcare
Location: Chicago, Illinois, USA
Customers Affected: 38,000 patients

Entity Name: Nationwide Recovery Services
Entity Type: third-party vendor (debt collection agency)
Industry: financial services

Communication Strategy: advisory to affected patients to monitor credit reports and account statements

Type of Data Compromised: Social security numbers
Number of Records Exposed: 10332
Sensitivity of Data: High

Type of Data Compromised: PII (personally identifiable information), PHI (protected health information), Financial data
Number of Records Exposed: 38,000
Sensitivity of Data: high (includes SSNs, medical details, financial data)

Regulations Violated: potential HIPAA violations (if PHI was unsecured)

Lessons Learned: Increased vigilance required for third-party vendor security in the healthcare sector due to rising cybercrime targeting hospitals and patient data.

Recommendations: Enhance third-party vendor risk assessments and security audits. Implement stricter data protection measures for PII/PHI shared with external partners. Provide credit monitoring services to affected patients. Improve incident response coordination between healthcare providers and third-party vendors.
Key Lessons Learned: The key lessons learned from past incidents are Increased vigilance required for third-party vendor security in the healthcare sector due to rising cybercrime targeting hospitals and patient data.

Source: Maine Office of the Attorney General

Source: CBS News Chicago
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices from the following sources: Maine Office of the Attorney General and CBS News Chicago.
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through an advisory to affected patients to monitor credit reports and account statements.

Stakeholder Advisories: Patients advised to monitor credit reports and account statements for fraud.
Customer Advisories: UCM Medical Group notified affected patients of the breach and potential risks.
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: patients were advised to monitor credit reports and account statements for fraud, and UCM Medical Group notified affected patients of the breach and potential risks.

High Value Targets: Patient PII/PHI, Financial Data
Data Sold on Dark Web: Patient PII/PHI, Financial Data

Root Causes: Third-Party Vendor (Nationwide Recovery Services) Breach, Potential Inadequate Security Controls at Vendor Level
Most Recent Incident Detected: The most recent incident detected was on 2024-03-28.
Most Significant Data Compromised: The most significant data compromised in an incident were Social Security numbers, names, birthdates, addresses, financial data and medical details.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names, medical details, financial data, Social Security numbers, addresses and birthdates.
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 38.1K.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Increased vigilance required for third-party vendor security in the healthcare sector due to rising cybercrime targeting hospitals and patient data.
Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: implement stricter data protection measures for PII/PHI shared with external partners; improve incident response coordination between healthcare providers and third-party vendors; provide credit monitoring services to affected patients; and enhance third-party vendor risk assessments and security audits.
Most Recent Source: The most recent sources of information about an incident are Maine Office of the Attorney General and CBS News Chicago.
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was: Patients advised to monitor credit reports and account statements for fraud.
Most Recent Customer Advisory: The most recent customer advisory issued was: UCM Medical Group notified affected patients of the breach and potential risks.
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if the malicious images are embedded in an `iframe` element, during a widget creation, deployed to any page of the platform (e.g., dashboards), and accessed during normal operations. The vulnerability resides in the `ImageController`, which fails to restrict the execution of JavaScript code when an image is loaded by the user's browser. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions.
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to verify that the token used during the code exchange originates from the same authentication flow, which allows an authenticated user to perform account takeover via a specially crafted email address used when switching authentication methods and sending a request to the /users/login/sso/code-exchange endpoint. The vulnerability requires ExperimentalEnableAuthenticationTransfer to be enabled (default: enabled) and RequireEmailVerification to be disabled (default: disabled).
Mattermost versions 11.0.x <= 11.0.2, 10.12.x <= 10.12.1, 10.11.x <= 10.11.4, 10.5.x <= 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/{channel_id}/common_teams endpoint.
Exposure of email service credentials to users without administrative rights in Devolutions Server. This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9.
Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8.
