Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

USA: Advocate Aurora Health announces data breach

Advocate Aurora Health notified, on 16 July 2021, the U.S. Department of Health & Human Services Office for Civil Rights ('OCR') of a data breach affecting 68,707 of its patients. In particular, Advocate Aurora noted that they are among approximately 170 health care systems and organisations affected by two security incidents in April 2021 targeting Elekta, Inc., a third-party company that Advocate Aurora uses to coordinate delivery of radiation services and therapies to patients in seven of their Illinois sites including Advocate Condell Medical Center, Advocate Illinois Masonic Medical Center, Advocate Lutheran General Hospital, Advocate Good Shepherd Hospital, Advocate Good Samaritan Hospital, Advocate Christ Medical Center, and Advocate High Tech Medical Park.

In addition, Advocate Aurora outlined that, on or about 17 May 2021, through continuing engagement of its forensic investigator, Elekta notified Advocate Aurora that the information security system intrusions which Elekta had experienced, in April 2021, resulted in potential access to, and theft of, Advocate Aurora patient health information. Although Elekta could not confirm specifically what information may have been accessed or stolen, it was unable to rule out the possibility that personal health information may have been compromised.

Moreover, Advocate Aurora noted that the following information may have been stored on Elekta's systems:

  • patient's first and/or last name;
  • social security number;
  • street address;
  • date of birth;
  • height;
  • weight;
  • driver's license number;
  • medical diagnosis;
  • medical treatment details;
  • appointment confirmations; and
  • other information that Advocate Aurora may have about its patients.

Finally, Advocate Aurora added that no financial account, credit card, or debit card information was involved in this incident.

You can read the press release here and the OCR notification here.