3M Patients May Be Affected By Advocate Aurora Data Breach

DOWNERS GROVE, IL — As many as 3 million patients may have been affected by a data breach across the Advocate Aurora Health network. The health care giant said it discovered the breach Thursday, attributing it to online tracking technologies called pixels used to understand how patients and others interacted with the Advocate Aurora website.

Advocate Aurora, which includes 27 hospitals across Illinois and Wisconsin, said the exposed data may have comprised information on patient portals available through the MyChart and LiveWell platforms. Such information may have included IP addresses, dates, times, and/or locations of scheduled appointments, proximity to an Advocate Aurora Health location, provider information, first and last names, medical record numbers and communications between patients and others through My Chart. Insurance information and if patients had used a proxy MyChart account may also have been breached.

When patients used the Advocate Aurora’s health portals, as well as scheduling widgets, certain protect health information would be disclosed in certain circumstances, particularly for users concurrently logged into their Facebook or Google accounts.

“We have disabled and/or removed these pixels and are taking appropriate action to ensure this does not happen again,” the system said. “We have disabled and/or removed the pixels from our platforms and launched an internal investigation to better understand what patient information was transmitted to our vendors.”

Advocate Aurora does not believe social security numbers, financial accounts, credit card or debit card information were involved in this incident at this time. Nor is the system aware of any misuse of patients’ private information.

While the exact number of patients affected by the breach is unknown. Advocate Aurora is presuming all 3.5 million patients are impacted out of an abundance of caution.

“As a precaution, you could remain vigilant and take steps to help protect your personal information, such as by ordering your free credit report and placing a fraud alert on your credit file,” the system said. “You should also review statements you receive from any financial institution or other business for signs of suspicious transactions, and contact the issuing institution if you see any activity you do not recognize.”

This story has been updated to reflect that the number of users possibly impacted by the Advocate Aurora data breach is 3 million users.