Third-party provider has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers.

Risk to Business: 1.771= Severe

A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital, and Northwestern Medicine Valley West Hospital.

Individual Risk: 1.603= Severe

The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.