University of Iowa Health Care reports data breach affecting 211,000 individuals

University of Iowa Health Care and its affiliate, UI Community HomeCare, disclosed last week that a July cyberattack exposed the personal and health information of more than 211,000 people.

The breach was detected on July 3, 2025, when a hacker gained access to UI Community HomeCare’s network. Officials said the intrusion was contained and systems were restored within one business day. Forensic specialists were brought in to investigate, confirming that some data files had been exfiltrated. The hospital emphasized that its electronic medical record system was not accessed.

Because the two entities share patients, employees, and some data, the compromised files included information belonging to both University of Iowa Health Care and UI Community HomeCare. Impacted records varied but could include names, addresses, phone numbers, dates of birth, provider names, medical record numbers, visit types, service dates, insurance details, and Social Security numbers.

Notification letters were mailed to affected individuals last week. While there is no evidence that the stolen data has been misused, recipients were urged to review their account statements, credit reports, and insurance documents for suspicious activity.

The breach affects approximately 211,000 people. Both organizations said they have strengthened system monitoring and implemented new safeguards to reduce the risk of future incidents.