NM Alerts Notice of a Privacy Incident

Monday, August 23
11:12 AM CST

Notice of a Privacy Incident

Northwestern Memorial HealthCare (NMHC) is committed to protecting the security and confidentiality of patient information. Regrettably, this notice concerns a recent security incident experienced by Elekta, Inc., which provides a cloud-based platform to facilitate legally-required cancer reporting to the State of Illinois. 

On May 17, 2021, Elekta informed us that an unauthorized individual gained access to its systems between April 2, 2021 and April 20, 2021 and, during that time, acquired a copy of the database that stores some oncology patient information. The information may have included patient names, dates of birth, Social Security numbers, health insurance information, medical record numbers, and clinical information related to cancer treatment, such as medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. Financial account and payment card information was not involved. 

This incident did not involve access to NMHC’s systems, network, or electronic health records. It occurred on Elekta’s systems, which held a database for oncology patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital and Northwestern Medicine Valley West Hospital. This incident was not targeted at NMHC or its hospitals. 

Based on the nature of the incident and its investigation, Elekta has no reason to believe that any of the data involved was or will be misused or will be made available publicly. However, as a precaution, we are mailing letters to patients whose information may have been involved in this incident. We are also providing individuals whose Social Security number was involved with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health insurer or healthcare provider, and to contact them immediately if they see any services they did not receive. 

We regret that this incident occurred and are committed to protecting the security and privacy of patient information. To help prevent something like this from happening again, we are re-evaluating our relationship with Elekta. We have established a dedicated call center to answer any questions about this incident, at 855.731.3327, Monday through Friday, from 9 am to 5:30 pm CST.