Data breach may have compromised up to 68,000 Advocate Aurora Health patients’ info, company says

Patients at seven Illinois sites, including Advocate Good Shepherd Hospital in Barrington, were impacted, Advocate Aurora Health says

Advocate Good Shepherd Hospital in Barrington is shown in this December 2017 file photo.

Advocate Aurora Health announced Friday that the health information of up to 68,000 patients may have been impacted by a third-party security breach this spring that may have exposed their names, Social Security numbers, medical details and other personal information.

The breach at Elekta Inc., a third-party company that Advocate Aurora uses to coordinate delivery of radiation services and therapies, occurred in April, and Advocate Aurora Health said in a news release Friday that it learned on May 17 that the breach may have impacted its patients.

Advocate Aurora Health said the breach compromised the personal health information patients at seven of its Illinois sites, including Advocate Good Shepherd Hospital in Barrington, Advocate Condell Medical Center in Libertyville, Advocate Lutheran General Hospital in Park Ridge, Advocate Good Samaritan Hospital in Downers Grove, Advocate Christ Medical Center in Oak Lawn, Advocate High Tech Medical Park in Palos Heights and Advocate Illinois Masonic Medical Center in Chicago.

Northwestern Memorial HealthCare previously announced its patients, including those at Northwestern Medicine hospitals in McHenry and Huntley, were impacted by the breach. The breach has impacted about 170 health systems and organizations, Advocate Aurora Health said in the release.

Advocate Aurora Health is also notifying impacted patients, it said.

The compromised information may include patients’ first and last names, Social Security numbers, street addresses, dates of birth, height and weight, driver’s license numbers, medical diagnosis, medical treatment details and appointment confirmations, according to the release. Financial information was not accessed, the company said.

Advocate Aurora Health said it is “not aware of any improper use of patient information” but was notifying potentially impacted patients and providing them with identity monitoring, fraud consultation and identity theft restoration services.

“Advocate Aurora takes the security of patient information very seriously and has taken steps to address this issue with Elekta and to prevent similar events from reoccurring,” the system said in the release. “Immediately after Elekta notified us of the incidents, we began working with Elekta to better understand the nature and scope of the incidents and to coordinate our efforts to continue safely treating patients while keeping all information secure.”

In an April statement, Elekta said that immediately upon learning of the breach, it partnered with “leading cyber experts and law enforcement” to investigate what happened, mitigate any harm and offer its customers a solution.

For information, go to or call Advocate Aurora’s assistance line at 833-796-8636 between 8 a.m. and 10 p.m. Monday through Friday and between 10 a.m. and 7 p.m. Saturday and Sunday.