[BreachExchange] Hackers may have accessed personal information of Aurora Medical Center Bay Area patients

Destry Winant destry at riskbasedsecurity.com
Wed Apr 22 10:31:03 EDT 2020


MARINETTE – Hackers may have stolen personal information from patients at
Aurora Medical Center Bay Area.

Someone used an email phishing scam around January 1 to gain access to
email accounts of several of the Marinette hospital's employees, according
to Advocate Health Aurora.

When hospital leaders learned of the breach on Jan. 9, they alerted federal
and state law enforcement, started an internal investigation and changed
credentials for the employee accounts.

Officials said the hackers didn’t get into the hospital's electronic health
records system, but they might have had access to patients’ personal and
health information through employee emails.

Officials said they aren’t aware of any “improper use of the patient
information.” The hospital is reaching out to patients who might have been
affected and offering “complimentary credit monitoring out of an abundance
of caution.”

Officials said the information might have included a patient’s:

   - First and last name
   - Maiden name
   - Marital status
   - Date of birth
   - Street address
   - Email address and phone number
   - Dates of admission, discharge or treatment
   - Social security number
   - Medical record number
   - Health insurance account number
   - Medical device number
   - Drivers license number
   - Passport number
   - Bank account numbers
   - Full face photograph

Officials encourage patients to review financial accounts and report any
suspicious activity. Patients who have questions about the incident can
visit the Advocate Aurora Health website or call 866-242-1807.

Hospital leaders said they've enhanced data security measures by
implementing software to help employees identify phishing emails.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20200422/7e7ce3b8/attachment.html>

More information about the BreachExchange mailing list