The personal information of some current and former Advocate Aurora Health employees, including their Social Security numbers and bank accounts, might have been compromised in an email phishing campaign.
The Milwaukee- and Downers Grove, Illinois-based health system said the early January breach gave an unauthorized individual temporary access to a human resource system that houses personal information of former and current employees.
For former and current employees of a particular Wisconsin location, the information included their Social Security number, bank account used for direct deposit, birth date and home address, the health system said in a notice to employees.
The system said it changed credentials and locked out the intruder when it learned of the incident on Jan. 9.
“We took immediate action to secure our employees’ information, notify those impacted, alert authorities and enhance our data security measures,” Advocate Aurora said in a statement. “Our continued investigation of the incident indicates a potentially broader unauthorized access to human resources data. Out of an abundance of caution, last week we notified all current and some former employees about the incident, providing them with complimentary credit monitoring and other resources regarding data security. As the sophistication of cyber-attacks increases, we remain ever vigilant and continue to work with authorities and external experts to enhance both education of our workforce and data safety protocols.”
Across its system, Advocate Aurora has more than 70,000 employees.
Advocate Aurora encouraged employees to “be vigilant for the next 12 to 24 months” and report any suspected fraud.