The personal information, including Social Security numbers, bank accounts used for direct deposit, birth dates and home addresses, of some employees at Advocate Aurora was disclosed in a recent cybersecurity incident, according to a memo sent to employees this week.
Advocate Aurora Health told employees that the incident, which occurred last month, gave unauthorized and temporary access to the computer system for human resources.
The incident occurred through a phishing attack — the most common way that information systems are breached.
Phishing entails sending an email, sometimes under the name and address of a co-worker or associate, that contains a Word document, PDF file or link that contains “scripting,” or executable code.
“We took immediate action to secure our employees’ information, notify those impacted, alert authorities and enhance our data security measures,” Advocate Aurora said in a statement. “Our continued investigation of the incident indicates a potentially broader unauthorized access to human resources data.”
The health system, which employs 74,000 people, said that it notified all current and some former employees this week.
Read the full story here.