Getty Images

Over 68K Advocate Aurora Patients Impacted by Elekta Health Data Breach

Advocate Aurora is informing over 68,000 patients of a recent data breach.

Advocate Aurora Health is notifying over 68,000 patients of its seven Illinois sites that their PHI is part of the recent Elekta health data breach

A total of 68,707 individuals are impacted by this recent health data breach, according to the US Department of Health and Human Services Office for Civil Rights. 

Advocate Aurora Health reported the incident to the Office for Civil Rights on July 16, according to OCR, and is in the process of notifying these patients.  

Seven Advocate Auora Health sites in Illinois were impacted by the breach, according to a statement published on its website.  

Those seven sites include: Advocate Condell Medical Center, Advocate Illinois Masonic Medical Center, Advocate Lutheran General Hospital, Advocate Good Shepherd Hospital, Advocate Good Samaritan Hospital, Advocate Christ Medical Center, and Advocate High Tech Medical Park.  

There are approximately “170 healthcare systems and organizations affected by two security incidents in April 2021 targeting Elekta, Inc., a third-party company that Advocate Aurora uses to coordinate delivery of radiation services and therapies to patients in seven of our Illinois sites...” the statement reads.  

“The following information may have been stored on Elekta’s systems: patient’s first and/or last name; social security number; street address; date of birth; height; weight; driver’s license number; medical diagnosis; medical treatment details; appointment confirmations; and other information that Advocate Aurora may have about its patients. No financial account, credit card, or debit card information was involved in this incident,” the statement reads.  

“At the time, our teams worked promptly to ensure continuity of care with minimal patient disruptions,” it noted. 

Elekta’s April 2021 data breach impacted several US-based healthcare facilities, including: Renown Health in Nevada, Yale New Haven Health, Lifespan, Southcoast Health, and the Cancer Centers of Southwest Oklahoma.   

Elekta also released a statement on its website regarding the cyberattacks. 

“Elekta’s first-generation cloud-based storage system has experienced a data security incident,” the company said in a statement. “A subset of customers in North America are affected.” 

Elekta is working with cyber experts and law enforcement during its investigation, the company statement reads.  

It launched the investigation to “understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments. We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care.” 

“As an added precaution, Elekta is also offering complimentary access to identity monitoring, fraud consultation, and identity theft restoration services,” the Advocate Aurora statement notes.    

“Both Advocate Aurora and Elekta apologize for the inconvenience that this incident may cause. We take all data security matters seriously and are taking steps to minimize the chances of a similar occurrence happening again.” 

Patients with questions or concerns can call the assistance line at (833) 796-8636, Monday through Friday from 9 am to 11 pm EST, and on weekends from 11 am to 8 pm EST. 

Next Steps

Dig Deeper on Cybersecurity strategies