UI Community HomeCare reports data breach affecting 211,000 patients

The University of Iowa Health Care and its affiliate UI Community HomeCare in Iowa City, Iowa, reported a data breach that exposed sensitive patient information

The cyberattack occurred on July 3, 2025. UI Community HomeCare shut down their servers to stop the attack and engaged cybersecurity experts to investigate. The investigation confirmed that the attackers was able to access and copy data files containing patient information from both UI Community HomeCare customers and a group of UI Health Care patients.

The exposed data includes:

• Patient names
• Dates of birth
• Medical record numbers
• Healthcare provider information
• Types of medical visits
• Medical insurance information
• Dates of service

The incident affects 211,000 people. The nature of the attack is not disclosed. Officials claim that no electronic health record systems were affected by the incident.

UI Community HomeCare sent notification letters to the affected individuals.  The organizations have provided affected patients with guidance on monitoring their credit reports and protecting against potential identity theft, including access to free annual credit reports from major credit reporting agencies and options for fraud alerts or credit freezes.

Previously, UI Community HomeCare reported a data breach in 2023, which affected 67,897 individuals.