University of Iowa Health Care (UIHC) and its affiliate, University of Iowa Community HomeCare, experienced a cybersecurity breach on July 3, 2025, when an unauthorized individual accessed UI Community HomeCare’s computer systems. Although servers were shut down and restored within a business day, a forensic investigation revealed that a cybercriminal exfiltrated data files containing sensitive patient information. The compromised data included names, dates of birth, medical record numbers, provider details, visit types, insurance information, and service dates for approximately 211,000 individuals, spanning patients of both UIHC and UI Community HomeCare. While UIHC’s electronic health record (EHR) systems remained unaffected, the breach exposed shared patient and employee files. The incident prompted UIHC to issue notification letters (sent August 29, 2025), offering credit monitoring resources and fraud alerts. No evidence of misuse has been reported, but the exposure of personally identifiable information (PII) and healthcare-related data poses significant risks of identity theft, financial fraud, or targeted phishing attacks. UIHC has committed to strengthening cybersecurity measures to prevent future incidents.
TPRM report: https://www.rankiteo.com/company/university-of-iowa-health-care
"id": "uni916090225",
"linkid": "university-of-iowa-health-care",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '211,000 (shared with UI '
'Community HomeCare)',
'industry': 'Healthcare',
'location': 'Iowa, USA',
'name': 'University of Iowa Health Care (UIHC)',
'type': 'Healthcare Provider'},
{'customers_affected': '211,000',
'industry': 'Healthcare',
'location': 'Iowa, USA (serves Iowa, western Illinois, '
'northern Missouri)',
'name': 'University of Iowa Community HomeCare',
'type': 'Home Infusion and Medical Equipment Services '
'Provider'}],
'attack_vector': 'Unauthorized access to computer system (details '
'unspecified)',
'customer_advisories': ['Monitor credit reports via Equifax, Experian, and '
'TransUnion',
'Place fraud alerts or credit freezes if necessary',
'Review account statements for suspicious activity',
'Contact helpline for engagement-specific questions'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Patient data files',
'Shared employee/data files'],
'number_of_records_exposed': '211,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII and healthcare-related '
'data)',
'type_of_data_compromised': ['Patient names',
'Dates of birth',
'Medical record numbers',
'Provider details',
'Type of visit',
'Insurance information',
'Date of service']},
'date_detected': '2025-07-03',
'date_publicly_disclosed': '2025-08-29',
'date_resolved': '2025-07-04',
'description': 'University of Iowa Health Care (UIHC) and University of Iowa '
'Community HomeCare experienced a data breach where a '
'cybercriminal accessed and exfiltrated patient and employee '
'data files. Approximately 211,000 individuals were affected. '
'The breach was detected on July 3, 2025, when unauthorized '
"access to UI Community HomeCare's computer system occurred. "
'Servers were shut down, and systems were restored within one '
'business day. The compromised data included patient '
'information such as names, dates of birth, medical record '
'numbers, provider details, visit types, insurance '
'information, and service dates. No electronic health record '
'(EHR) systems were affected. Notification letters were sent '
'to impacted individuals on August 29, 2025.',
'impact': {'brand_reputation_impact': 'Moderate (public disclosure, apology '
'issued, credit monitoring advised)',
'data_compromised': True,
'downtime': 'Less than 1 business day (servers restored within a '
'day)',
'identity_theft_risk': 'High (PII exposed; credit monitoring '
'recommended)',
'operational_impact': 'Minimal (systems restored quickly, no EHR '
'impact)',
'payment_information_risk': 'Low (no explicit mention of payment '
'card data, but insurance info '
'exposed)',
'systems_affected': ['UI Community HomeCare computer system']},
'initial_access_broker': {'high_value_targets': ['Patient data files',
'Shared UIHC/UI Community '
'HomeCare files']},
'investigation_status': 'Completed (as of August 2025 disclosure)',
'lessons_learned': 'Need to strengthen systems and business processes at UI '
'Community HomeCare to prevent future incidents. '
'Importance of monitoring shared data files and '
'third-party affiliate security.',
'motivation': ['Data Theft', 'Potential Financial Gain', 'Identity Theft'],
'post_incident_analysis': {'corrective_actions': ['Strengthening UI Community '
"HomeCare's systems and "
'processes',
'Collaboration between UIHC '
'and UI Community HomeCare '
'to prevent future '
'incidents'],
'root_causes': ['Unauthorized access to UI '
"Community HomeCare's computer "
'system',
'Inadequate protection for shared '
'data files between UIHC and UI '
'Community HomeCare']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Enhance cybersecurity measures for affiliate '
'organizations (e.g., UI Community HomeCare)',
'Implement stricter access controls and monitoring for '
'shared data files',
'Provide credit monitoring and identity theft protection '
'resources to affected individuals',
'Conduct regular security audits and employee training'],
'references': [{'source': 'KCRG News Report'},
{'source': 'UIHC Public Notification Letter',
'url': 'https://uihc.org'},
{'source': 'Annual Credit Report Resources',
'url': 'https://www.annualcreditreport.com'},
{'source': 'Equifax Credit Monitoring',
'url': 'https://www.equifax.com/personal/credit-report-services/'},
{'source': 'Experian Fraud Alert',
'url': 'https://www.experian.com/help/'},
{'source': 'TransUnion Credit Help',
'url': 'https://www.transunion.com/credit-help'}],
'response': {'communication_strategy': ['Public disclosure via KCRG',
'Direct letters to affected '
'individuals',
'Dedicated helpline (833-745-0871)',
'Website updates (uihc.org)'],
'containment_measures': ['Servers shut down immediately'],
'incident_response_plan_activated': True,
'recovery_measures': ['Notification letters sent to affected '
'individuals',
'Credit monitoring guidance provided'],
'remediation_measures': ['Cybersecurity experts engaged for '
'investigation',
'Systems restored within one business '
'day'],
'third_party_assistance': True},
'stakeholder_advisories': ['Letters sent to 211,000 affected individuals',
'Public statement via KCRG',
'Helpline established for inquiries '
'(833-745-0871)'],
'threat_actor': 'Cybercriminal (unknown specific group or individual)',
'title': 'University of Iowa Health Care and UI Community HomeCare Data '
'Breach',
'type': ['Data Breach', 'Unauthorized Access']}