Iowa City, IA – September 2, 2025 – A cyber incident at University of Iowa Community HomeCare, an affiliate of University of Iowa Health Care, has potentially compromised the personal information of around 211,000 patients. Notification letters were mailed to affected individuals on August 29, 2025, detailing the breach and offering guidance on protective measures.

According to the letters sent to patients, the incident occurred on July 3, 2025, when an unauthorized party gained access to UI Community HomeCare’s computer systems. The organization, which provides home infusion and medical equipment services to residents in Iowa, western Illinois, and northern Missouri, promptly responded by shutting down its servers and engaging cybersecurity experts. Systems were restored within one business day, but a subsequent investigation revealed that the intruder had viewed and copied certain data files.

The breached files included shared patient information from UI Health Care, such as names, dates of birth, medical record numbers, providers, types of visits, insurance details, and dates of service. Importantly, UI Health Care’s electronic health record system and servers remained unaffected, as the two entities maintain separate IT infrastructures despite their collaborative relationship in patient care and data sharing.

In the notification, UI Health Care emphasized that there is currently no evidence of the stolen information being misused. However, patients are urged to stay vigilant against identity theft and fraud by monitoring account statements and credit reports. The letter includes steps for obtaining free credit reports and placing fraud alerts with major credit bureaus like Equifax, Experian, and TransUnion.

Affected individuals can contact a dedicated support line at 833-745-0871, available Monday through Friday from 8 a.m. to 8 p.m. Central Time (excluding major U.S. holidays), using a provided engagement number. Additional resources are available on the UI Health Care website at uihc.org.

UI Health Care has reported the incident to law enforcement and is collaborating with UI Community HomeCare to enhance security protocols and prevent future occurrences. “We deeply regret this incident and are committed to strengthening our systems,” the letter states, underscoring the organization’s priority on patient trust and data protection.

This breach adds to growing concerns over cybersecurity in healthcare, where sensitive patient data is increasingly targeted by cybercriminals. Patients who received the letter are encouraged to review it carefully and take proactive steps to safeguard their information.

---