Northwestern Memorial HealthCare Confirms Data Breach After a Supply-Chain Attack

Northwestern Memorial HealthCare Confirms Data Breach After a Supply-Chain Attack

Northwestern Memorial HealthCare (NMHC) providers suffered a data breach exposing private medical information.

The breach occurred at a third-party provider, Electa, a cloud-based platform that handles legally required cancer reporting to the State of Illinois. It affected individuals who visited NMHC’s hospitals and clinics.

According to the official statement, unauthorized attackers gained access to the patient records and made a copy of the NMHC’s dataset.

The database included information about cancer treatment, including treatment plans and drug information, as well as patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers.

Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, and Northwestern Medicine Valley West Hospital.

The organization said that the incident did not compromise the patients’ financial information. And the attackers did not gain access to NMHC’s IT systems and networks.

“Based on the nature of the incident and its investigation, Elekta has no reason to believe that any of the data involved was or will be misused or will be made available publicly,” the organization said.

NMHC offered free credit monitoring services to those patients whose Social Security numbers were exposed.

NMHC also encourages patients to review their statements from their health insurer or healthcare provider to make sure they were not billed for services they did not receive. 

“We regret that this incident occurred and are committed to protecting the security and privacy of patient information,” the organization offered an apology.

It is also “re-evaluating its relationship with Elekta”.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.