Public Safety

City of Alton and Alton Police and Fire Departments, Madison County

Breach Type – Unknown, Malware

The Telegraph
March 24th, 2021

Mayor of Alton confirms a "data incident" on March 5th, 2021
City servers, including Police and Fire Department functionality, were impacted
Full functionality of city systems is still being restored

Chicago Police Department, Cook County

Breach Type – Hacking, Other

BroBible
June 2nd, 2020

Chicago and Minneapolis police departments were victim of cyberattack
Police communications were hacked, random music and other sounds were played over radio
Anonymous claimed responsibility for the attacks on both departments

Chicago Police Department, Cook County

Breach Type – Hacking, Other

Chicago Sun Times
June 2nd, 2020

Police radio and dispatch were inundated with rogue transmissions
Elaborate cyberattack substantially disrupted law enforcement communications
Officials confirmed that most officer's radios aren't protected

Herrin Police Department Website, Williamson County

Breach Type – Unknown, Other: Website Defacement

14 News
November 3rd, 2019

Bad actors that posted lewd pictures to PD Google Review caused 911 lines to be bogged down
Officials stated they would do a better job keeping track of their page
Both Google officials and statewide law enforcement agencies were notified of the cyberattack

City of Harvard Tornado Early Warning System, McHenry County

Breach Type - Hacking, Other

NBC Chicago
March 21st, 2019

Following several attacks a McHenry county city plans to remove its siren system
After investigation is was revealed that the malfunctions were due to attacks on the system
Due to the several false alarms many emergency and non-emergency calls were made clogging up 911 systems

Will County 911, Police & Fire Services, Will County

Breach Type - Malware

The Herald-News
October 19th, 2018

Virus infected Will County computer systems
Virus inhibited officers’ & firefighters’ ability to communicate in field with Will County 911 over mobile internet connection
Virus did not affect 911 phone system, radio, or CAD system
Officers manually filed reports rather than through online methods
No sensitive data or EMS reports accessed by hackers

Marion County Sheriff's Office

Breach Type - Data Breach

X95 Radio
April 3rd, 2018

Security breach compromised & removed private data
Affects those booked into Marion County Jail
Sheriff's office implementing additional safeguards to prevent future breaches

Wood River PD Prevents Major Attack

Breach Type - Ransomware

The Telegraph
May 5th, 2017

Hackers phished for vital information to Wood River PD
PD officials recognized ransomware and locked department out of computer systems
Had redundancy server (backup server) set up to protect information

Tech Talk
May 5th, 2017

No information was accessed during attack

Roxana PD Falls Victim

Breach Type - Ransomware

Fox 2 Now
February 10th, 2017

Chief of Police confirms ransomware infected computer systems
FBI asked to aid Roxana PD
Chief did not pay ransom

Suburban Chicago Police Department Pays $500 Ransom

Breach Type - Ransomware

Inquisitr
February 22nd, 2015

Read More

Local Government

Illinois Department of Innovation & Technology offers technical details associated with global ransomware attack, State of Illinois

Breach Type – Hacking, Ransomware

Illinois.gov
June 9th, 2023

“DoIT's Infrastructure and Security teams moved quickly to respond to the attack affecting Illinois' network, evicting the attacker within three hours and verifying that the vulnerability could no longer be exploited in our system. We are working with all relevant authorities and will provide regular updates to the people of Illinois."
“CISA and the FBI released an alert attributing the worldwide attack to the CL0P Ransomware Gang, which exploited a vulnerability in the third party MoveIT file transfer system. Within minutes of the attack on May 31, DoIT took immediate action, disconnected all associated systems that utilized the third-party software, and engaged its security incident response team to conduct a forensic analysis."
"DoIT's investigation is ongoing and the full extent of this incident is still being determined, but DoIT believes a large number of individuals could be impacted."

Illinois State Court Network hacked, Sagamon County

Breach Type – Unknown, Ransomware

The Cyber Express
April 21st, 2023

“Everest ransomware group has reportedly gained full access to the network of the US District Court in Illinois and is now offering to sell that access to interested buyers."
“According to the group, they have an employee within the court system who has granted them unrestricted access to confidential documents and other sensitive data.”
”The Illinois State Court system has not yet commented on the alleged breach”

Hackers stole data from multiple electric utilities in recent ransomware attack, Cook County

Breach Type – Unknown, Ransomware

ABC 17 NEWS
December 27, 2022

”Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack..."
"Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators have combed the dark web for the stolen data."
”The ransomware attack hit Chicago-based Sargent & Lundy, an engineering firm that has designed more than 900 power stations and thousands of miles of power systems and that holds sensitive data on those projects. …The firm also handles nuclear security issues, working with the departments of Defense, Energy and other agencies “to strengthen nuclear deterrence” and keep weapons of mass destruction out of terrorists’ hands."

Cyberattack temporarily takes down websites for O'Hare and Midway airports, Cook County

Breach Type – Hacking, DoS

CBS News
October 7th, 2022

“A cyberattack on Monday shut down the websites for O'Hare and Midway airports, and several other large airports across the country.”
”An FBI spokesperson confirmed they were aware of the cyberattack that took down flychicago.com for part of the morning on Monday, but would not confirm or deny if they were investigating.”
“The O'Hare and Midway websites were down for at least a few hours Monday morning, but was back up and running early Monday afternoon. The Chicago Department of Aviation said in a statement that no airport operations were affected..”

Mayor Troup: City paid ransom in cyberattack, Adams County

Breach Type – Unknown, Ransomware

KHQA ABC News
May 24th, 2022

“Quincy Mayor Mike Troup on Tuesday confirmed during a news conference on Tuesday that the city was the victim of a cyberattack in which there was an encryption key locking the city out of some of its files in exchange for ransom."
“On Monday night, the City Council approved a resolution authorizing emergency payment for three cyber security consulting services."
"The mayor said the city paid a nearly $500,000 ransom fee for the decryption key."
"Troup said it appears, at this point, no personal information related to residents has been stolen."

City of Quincy still investigating what happened with cyber attack, Adams County

Breach Type – Unknown, Malware

Muddy River News
May 9th, 2022

“The computer systems of the City of Quincy were hit with a cyber attack during the weekend. Quincy Mayor Mike Troup said Monday morning the attack apparently started at the Quincy Public Library before spreading through other departments.”
“The mayor said the city is still investigating what happened.”
"Our emails are still down. We cannot receive on our city email (accounts), and we cannot send out on the city emails,” he said. “We did have trouble with our telephones, (but) that has been restored. 911 works. There has not been any issue with with them. Police and fire still are responding. Central Services is virtually unaffected, except for the emails. Planning and development, that’s unaffected.”

DeKalb County Board Chairman Says Personal Information Not Stolen in Ransomware Attack, DeKalb County

Breach Type – Phishing, Ransomware

WSPY News
October 14th, 2021

“DeKalb County Board Chairman John Frieders says personal information is not thought to have been stolen in Monday's ransomware attack on DeKalb County. A hacking attack on the county has made some systems inaccessible.”
“Frieders says things are still running in the county, but it might harder to contact people as the email system is down.”
“Frieders says the county has not been contacted by anyone asking for a ransom to restore the county's systems. He says the county is working with police, including the Federal Bureau of Investigation, to get to the bottom of the attack.”

City of Moline falls victim of cyber attack, now under federal investigation, Rock Island County

Breach Type – Phishing, Other

ABC WGAD 8
November 10th, 2021

“It was made public that the City of Moline fell victim of a cyber-attack in form of a phishing scam. It was discovered by city staff in January 2021, and the apparent scam happened in December 2020. A vendor that the City of Moline works with reached out and explained that it had not received payment for services completed.”
“The city has insurance in place to cover cyber crime. This limits the exposure to Moline taxpayers to a maximum of $20,000 regardless of whether none, a portion or all of the stolen funds are recovered.”
“As a result of the incident, the city reviewed all of its internal control policies with the assistance of its auditors”
“The Moline Police Department still has an open investigation into this matter and is working with federal authorities on the investigation. Due to that, we aren't able to divulge further information that may jeopardize the investigation.”

This is a significant loss of taxpayers dollars': Rock Island County investigating wire fraud theft of more than $115,000

Breach Type – Phishing, Other

Quad City Times
August 13th, 2021

“June 1: Someone contacted the county auditor’s office by email, claiming to represent one of the contractors with whom the county works. The email asked that future payments be sent in a different way than previously because the company had changed bank accounts. The email was fraudulent.”
“June 18: The Rock Island County Auditor’s Office authorized a transaction of $97,042.50 to the new account.”
“An employee of my office was the victim of an email scam which resulted in the inadvertent transfer of over $115,000 to a fraudulent account before it was caught and stopped,” April Palmer, the county auditor, said in a news release. “The employee was led to believe by receiving a direct deposit request and a bank letter, that the payments were being sent to a long-time vendor of the County’s.”

Illinois Attorney General's Office, State of Illinois

Breach Type – Unknown, Ransomware

Chicago Tribune
April 30th, 2021

Threat actor group DoppelPaymer believed to be behind the attack
Attorney General's Office working with local and federal law enforcement
Some exfiltrated data has been posted online

Champaign-Urbana Public Health District’s, Champaign County

Breach Type – Unknown, Ransomware

Gazette
March 11th, 2020

Healthcare officials forced to use alternative means for communication
Ransomware cyberattack affected provider's network
Email accounts, health records, and patient medical records remained safe

La Salle County Government Systems, La Salle County

Breach Type - Unknown, Malware

WSPY News
February 24th, 2020

County computer systems affected following cyberattack
Emergency protocols enacted for offices that were hit
Several other facilities remained unimpacted

LCBC Radio
February 26th, 2020

Officials remained unsure about how many computers were hit
Courthouse possibly affected by cyberattack, email remained functional
Employees were unable to access anything outside stored information

WSPY News
February 26th, 2020

Officials confirmed county was hit in cyberattack
Bad actors used ransomware against network
Ransom demand to release systems had been made

City of Belvidere, Boone County

Breach Type – Unknown, Ransomware

RRSTAR
January 28th, 2020

Ransomware used in cyberattack against city government
Email and other services were taken out in the attack
Officials stated that no ransom had yet been delivered

Bureau County Website, Bureau County

Breach Type – Hacking, Other: Website Defacement

News Trib
January 15th, 2020

County website hacked by Iranians
Attack was breach of zoning area on website
Courthouse remained unaffected

Bartlett Public Library System, Cook, DuPage, & Kane Counties

Breach Type – Unknown, Ransomware

Data Breaches
January 9th, 2020

Ransomware cyberattack utilized against public library
Personal information was not compromised in the attack

Macon County Circuit Clerk's Office Website, Macon County

Breach Type – Hacking, Other: Website Defacement

Herald Review
August 19th, 2019

This attack specifically targeted the website causing another defacement along a string of related attacks
Investigations and imagery on the website point to the hackers being Iranian based
Private information was kept on a separate server and therefore unaffected by the recent hack

City of Chicago Department of Aviation, Cook County

Breach Type - Phishing, Malware

CBS Local
April 18th, 2019

After attempting to make payments of more than $1 Million to a vendor it had been noticed that it was a scam
A phishing email acting as a vendor had asked to change the bank accounts for payments
The money was paid to this spoofed account but had been recovered as the bank placed a hold on the fake account

Moultrie County Government Systems, Moultrie County

Breach Type - Ransomware

WAND TV
October 26th, 2018

Computer issues may be caused by dangerous ransomware
Reported issue to Illinois State Board of Elections as a database problem
As many as three servers may have been infected

Crawford County Clerk's Office, Crawford County

Breach Type - Ransomware

WTHITV
October 19th, 2018

Crawford County Clerk’s office hit with ransomware
Clerk’s office employees completed work manually to stay on task
Program and firewall updates to system are needed along with software updates to prevent future attacks

Perry County Government, Perry County

Breach Type - Ransomware

WJBD Radio
May 11th, 2018

Perry County computers shut down by ransomware attack
Mayor refused to pay ransom, having backup system in place
Wiped system clean & restored all files within 6 hours

Illinois State Election System

Breach Type - Hack

NBC News
March 28th, 2018

Detected malicious activity on network
Reported to DHS
No voter rolls were accessed/altered

Cook County Treasurer's Website

Breach Type - Cryptojack/Other

WCCF Tech
February 12th, 2018

Over 4,200 victims hijacked to mine Monero cryptocurrency
Secretly hijacked using compromised plug-in called "Browsealoud"
Though sites were affected for hours, no user data was affected/compromised

Batavia City

Breach Type - Data Breach

Chicago Tribune
February 2nd, 2018

W2 phishing scam targets Batavia
Over 240 employees potentially affected
Names, social security numbers, addresses, & earnings exposed

Montgomery County

Breach Type - Hack

The Journal News
November 17th, 2017

External malware affects some county government offices
911 operations not affected by malware
No breach of county data or loss currently

Illinois Department of Veterans' Affairs

Breach Type - Hack

Daily Herald
July 7th, 2017

Malware virus attack infects agency's network
Staff launched security incident response through Department of Innovation & Technology

My Wabash Valley
December 20th, 2017

Malware paralyzed computers for at least six weeks
Employees resort to manual activity for daily functions
Private data of veterans remained unaffected, not stolen

Illinois Elections

Breach Type - Hack

Capitol Facts
June 6th, 2017

Russian Hackers attack voting software supplier days before presidential election 2016
Report does not confirm if hack had any effect on election results
Hackers infected U.S. voting software company
Sent spear phishing emails to 100+ election officials
Illinois election officials confirm intrusion of state’s election system

Cook County

Breach Type - Ransomware

State Scoop
May 15th, 2017

First known government infection of WannaCry in U.S.
Barrage of phishing emails
No major Cook County operations affected

Illinois State Board of Elections Officials

Breach Type - Hack

Chicago Tribune
August 29th, 2016

Personal information of about 200,000 voters hacked
Cyber-attack from foreign origin
No files of registered voters were erased or modified
No voting history captured, or voter signatures
Drivers license numbers and last four digits of Social Security numbers could be compromised
Online entered information more likely to be compromised
Board took offline outside access to prevent further intrusions

Downers Grove, DuPage County

Breach Type - Hack

Chicago Tribune
July 25th, 2016

Cyber security issues prompt Governor to delete social media accounts
Gov. often posted political viewpoints on social media accounts
Online presence went dark

Kankakee County

Breach Type - Ransomware

Daily Journal
March 4th, 2016

Ransomware infects computer systems through phishing email
County officials decided against paying ransom and would not disclose how much hackers demanded
County files were saved on backup server

Medical

CommonSpirit caught up in MOVEit hack, Cook County

Breach Type – Unknown, Data Breach

Becker Hospital Review
September 14th, 2023

"Patients of Chicago-based CommonSpirit Health had their data compromised in the massive MOVEit hack that stole private information from millions of people across the globe.”
"The affected patients received care at the former Centennial, Colo.-based Centura Health, which now operates under the CommonSpirit name, and were exposed via the use of Nuance Communications, a Microsoft subsidiary that listens to and documents medical appointments, according to a Sept. 13 notice from CommonSpirit. Nuance employed the MOVEit file transfer software from Progress Software that was hacked in late May"
“The breached data may include patient and facility names, dates and types of service performed, and medical record numbers. The health system is mailing letters to affected patients..”

Morris Hospital investigating attack by Royal ransomware group, Grundy County

Breach Type – Unknown, Other

DataBreahes.net
May 25th, 2023

“Morris Hospital & Healthcare Centers is actively investigating a cybersecurity incident with the assistance of independent cybersecurity forensic experts. The incident has not impacted patient care or hospital operations.”
”The investigation was launched after the hospital detected unusual activity on its computer network that indicated an unauthorized third party had gained access to the network system. The network system is separate from the electronic medical record systems that are used for patient care. The hospital’s electronic medical record systems were not compromised."
“Hospital officials emphasize that the numerous IT security measures that were already in place at Morris Hospital were instrumental in preventing a more severe incident.”

Lake County Health Department reports security breach that exposed residents’ health data, personal information

Breach Type – Unknown, Data Breach

Lake & McHenry County Scanner
May 12th, 2023

"The health department has announced they experienced a security breach in their email system that exposed some Lake County residents’ personal health data and private information. Lake County officials announced late last week they became aware of the breach on March 6.”
"It involved an unauthorized third-party gaining access to a Lake County Health Department and Community Health Center employee’s email account."
”The impacted email account included partially de-identified information regarding Lake County residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23, 2012, and March 6, 2023."
“Information that may have been exposed includes names, addresses, zip codes, date of birth, gender, phone number, email address, medical record number, diagnoses or conditions, lab results and other treatment information used by the Communicable Disease outreach program."

Culbertson Memorial Hospital hit by cyber-attack, Schuyler County

Breach Type – Unknown, Other

WGEM
April 7, 2023

"Culbertson Memorial Hospital officials reported Friday the hospital had been the victim of a cyber-attack last week. Officials stated they discovered a network disruption at 3 a.m. March 30 that required information systems to be taken offline.”
”Director of Community Relations Molly Sorrell said Friday that the hospital does not know if any of its health care or patient account information was compromised."
“Right now our focus is to get up and running and fully functional by Tuesday,” Sorrell said. Snyder added, “while our investigation is ongoing, be assured Culbertson is working diligently to fully restore all systems so we can effectively serve the community. While we have regained the utilization to a portion of our systems, we expect to have fully restored critical service systems by April 11."

CommonSpirit Health cyberattack, month-long network outage cost $150M, Cook County

Breach Type – Unknown, Data Breach

SC Magazine
February 15th, 2023

"The ransomware attack and subsequent month-long network outage at CommonSpirit Health in October cost the major health system at least $150 million to date, according to its unaudited quarterly financial report.”
"The “adverse financial impact” of the cyber incident is tied to the associated business interruption, remediation costs, and other related business expenses."
"The health system posted $925 million in operating losses for the second half of 2022, of which the cyber incident was just a small portion. However, those losses were significantly larger than the year prior during the same period: just $128 million.”
”As extensively reported, a cyberattack was deployed against CommonSpirit during the first weekend in October that prompted outages and service disruptions at hospitals across the country. Despite being one of the largest health system’s in the U.S. with over 700 care sites and 142 hospitals in 21 states, only a small portion of those hospitals went down in the attack.”
”The disruptions, however limited in scope, were noticeable for the impacted hospitals. Clinicians leveraged protocols for handling system outages, but CHI Memorial was forced to reschedule some patient procedures. Virginia Mason Franciscan Health, another CommonSpirit affiliate, was also hard hit by the disruptions and saw its data stolen amid the hack.”

SC Magazine
February 15th, 2023

"The ransomware attack and subsequent month-long network outage at CommonSpirit Health in October cost the major health system at least $150 million to date, according to its unaudited quarterly financial report.”
“The “adverse financial impact” of the cyber incident is tied to the associated business interruption, remediation costs, and other related business expenses.”
"The health system posted $925 million in operating losses for the second half of 2022, of which the cyber incident was just a small portion. However, those losses were significantly larger than the year prior during the same period: just $128 million.”
“As extensively reported, a cyberattack was deployed against CommonSpirit during the first weekend in October that prompted outages and service disruptions at hospitals across the country. Despite being one of the largest health system’s in the U.S. with over 700 care sites and 142 hospitals in 21 states, only a small portion of those hospitals went down in the attack.”
“The disruptions, however limited in scope, were noticeable for the impacted hospitals. Clinicians leveraged protocols for handling system outages, but CHI Memorial was forced to reschedule some patient procedures. Virginia Mason Franciscan Health, another CommonSpirit affiliate, was also hard hit by the disruptions and saw its data stolen amid the hack."

IL Social Services Organization Notifies 184K of Healthcare Ransomware Attack, Cook County

Breach Type – Unknown, Ransomware

Health IT Security
January 30th, 2023

"Lutheran Social Services of Illinois (LSSI) notified more than 184,000 individuals of a healthcare data breach recently, according to a breach notice provided to the Maine Attorney General’s Office. On January 27, 2022, LSSI discovered that it had fallen victim to a ransomware attack."
”Despite discovering the incident in January, LSSI did not complete its data review until December 28, 2022. By that time, the social services provider had determined that the unauthorized party accessed files containing certain sensitive information that was maintained on the impacted systems."
"The affected data included names, Social Security numbers, dates of birth, financial information, biometric information, driver’s license numbers, health insurance information, and medical diagnosis and treatment information."

Citing cyberattack, COVID-19 impacts, Illinois hospital suspends operations, LaSalle County

Breach Type – Unknown, Ransomware

SC Magazine
January 24th, 2023

“St. Margaret’s Health has temporarily suspended operations at its hospital in Peru, Illinois, as its leadership could not “find nor financially support” a new provider for its emergency room department. A cyberattack on St. Margaret’s Health’s Spring Valley Hospital and impacts of COVID-19 are cited as driving forces behind the decision."
“The Spring Valley branch was struck by a cyberattack on Feb 22, 2021, prompting the launch of electronic health record downtime procedures and a complete enterprise network shutdown that lasted for several weeks. All web-based operating systems, such as email and the patient portal, were also brought offline.”
”Patient care continued without interruption, due to its previously implemented and practiced downtime procedures. However, the hospital was forced to divert its diagnostic imaging procedures to another hospital branch to ensure accuracy of scans. According to the letter sent to employees, these outages contributed to the hospital’s ongoing financial constraints.”.
”The letter cites a number of factors, including the cyberattack that led to the hospital being unable to “bill nor get paid, in a timely manner, for the services provided during the outage. The hospital was also facing staffing shortages that required the use of “temporary agencies to fill positions at a significantly higher pay rate.”
”The hospital has also struggled to “attract enough staff to continue to operate both hospitals.” As a result of these compounding factors, the hospital will no longer have ER physician coverage at its SMH-Peru branch beginning on Jan. 28 as hospitals aren’t legally allowed to operate without a fully staffed emergency room.”

CommonSpirit Health Suffers IT Outages, EHR Downtime at Multiple Hospitals, Cook County

Breach Type – Unknown, Data Breach

Health IT Security
October 5th, 2022

“Multiple hospitals within the CommonSpirit Health system, one of the nation’s largest nonprofit healthcare systems, are reporting IT outages and EHR downtime.”
"October 05, 2022 - CommonSpirit Health confirmed that it has been suffering IT outages as a result of an unspecified IT security incident that began on October 3. The incident is impacting multiple facilities within the health system, forcing some hospitals to take their EHR systems offline. CommonSpirit Health is one of the largest nonprofit healthcare systems in the US, with more than 1,000 care sites and 140 hospitals in 21 states."
“Our facilities are following existing protocols for system outages and taking steps to minimize the disruption. We take our responsibility to ensure the security of our IT systems very seriously,” a brief notice on the health system’s website stated.
”As a result of this issue, we have rescheduled some patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is impacted.” At MercyOne Des Moines Medical Center, the incident forced certain systems offline as a “precautionary step,” the Des Moines Register reported.
”The hospital had to divert ambulances away from its emergency department for a short period of time on Monday. The incident is also causing appointment cancellations in some locations. The list of healthcare facilities impacted by the CommonSpirit incident continues to grow. CHI Health locations in Omaha confirmed that they were impacted by the security incident, along with Virginia Mason Franciscan Health (VMFH), Bergan Mercy Hospital.”

Illinois Clinic Says 503,000 Affected in Email Breach, Champaign County

Breach Type – Hacking, Data Breach

GOV INFO SECURITY
April 12th, 2022

"A breach involving the compromise of a single user's email account at an Illinois-based multispecialty clinic has affected nearly 503,000 individuals. "
"Christie Clinic says it promptly launched an internal investigation to determine the nature and scope of the incident, and contacted federal law enforcement to mitigate the impact of the unauthorized access."
"The clinic's investigation confirmed that there was unauthorized access to the affected email account from July 14 to Aug. 19, 2021, and that intent of the unauthorized access was to intercept a business transaction between Christie Clinic and a long-standing, third-party vendor."
"Information potentially contained in the affected email account included individuals' names, addresses, Social Security numbers, medical information and health insurance information,"
"To date, Christie Clinic does not have any evidence of misuse of any patient information, but we have notified all individuals who have potential to be affected and notified all necessary regulators,"

31,000 patients' data compromised in Illinois health center ransomware attack, Cook County

Breach Type – Hacking, Ransomware

Becker Hospital Review
February 16th, 2022

"Family Christian Health Center reported that a ransomware attack had compromised the protected health information of 31,000 patients."
"FCHC detected a ransomware attack on the health center's old dental system and electronic registration system. Attackers were able to access protected health information of patients who had received dental and healthcare services at the health center."
"Patients who had received dental services prior to Aug. 31, 2020, had their names, birthdates, insurance card numbers, driver’s license numbers, and copies of their insurance cards and driver’s licenses compromised."
"Patients who received healthcare services between Dec. 5, 2016, and Aug. 31, 2020, had their names, birthdates, addresses, insurance identification numbers and Social Security numbers compromised during the breach."

South Shore Hospital breach leaves 116,000 patients' data vulnerable, Cook County

Breach Type – Hacking, Data Breach

Becker Hospital Review
February 15th, 2022

"South Shore Hospital notified current and former patients about a cybersecurity incident that left 115,670 patients' protected information vulnerable."
"The hospital was alerted that unauthorized activity was occurring on its network. The hospital activated emergency operating protocols and hired a security team to investigate the matter."
"The attacker gained access to files that contained patients' and employees' first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare and Medicaid information."

Cyberattackers Hit Data of 80k Fertility Patients, State of Illinois

Breach Type – Hacking, Data Breach

Threat Post
January 7th, 2022

"The protected health information of nearly 80,000 patients of Fertility Centers of Illinois (FCI) may have been pawed over by cyber intruders following a cyberattack."
"FCI runs four clinics across Illinois. According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ data breach site, the breach – reported on Dec. 27 – affected 79,943 people."
“FCI’s data breach notice (PDF) said that the healthcare organization first detected suspicious activity on its internal systems on Feb. 1, 2021. A subsequent investigation indicated that security systems had blocked attackers from accessing patient EMR (electronic medical records) systems. However, the intruder(s) managed to access administrative files and folders."
“The accessed files included some patients’ names, employer-assigned ID numbers, passport numbers, Social Security numbers, financial account information, payment card information, treatment information, diagnosis, treating/referring physicians, medical record number, medical billing/claims information, prescription/medication information, Medicare/Medicaid identification information, health insurance group numbers, health insurance subscriber numbers, patient account numbers, encounter numbers, ill health/retirement information, master patient index, occupational-health related information, other medical benefits and entitlements information, other medical ID numbers, patkeys/reason for absence, sickness certificate, usernames and passwords with PINs or account login information, and medical facilities associated with patient information."

Hackers had access to OSF Healthcare's IT systems for 6 weeks before outage, Peoria County

Breach Type – Unknown, Data Breach

Becker Hospital Review
October 5th, 2021

"Peoria, Ill.-based OSF HealthCare began notifying patients Oct. 1 that their protected health information was exposed for more than six weeks during an attack on its IT systems earlier this year."
”OSF HealthCare experienced a computer systems outage from April 23-25, which sent the health system into downtime procedures and protocols for two days"
”OSF HealthCare said the outage was the result of a data security incident. After investigating the incident, the health system discovered that an unauthorized party gained access to its systems from March 7 to April 23. As a result, the hacker was able to access certain files belonging to some patients at OSF Little Company of Mary and OSF Saint Paul."
"Patient information exposed by the incident included names, birthdates, Social Security numbers, treatment details, prescription details and health insurance details. Financial information belonging to a "smaller subset of patients" also was exposed"

600,000 patients' info exposed in cyberattack on Illinois medical group, DuPage County

Breach Type – Unknown, Data Breach

Becker Hospital Review
August 31st, 2021

"DuPage Medical Group is notifying 600,000 patients that their personal health information was exposed when the Downers Grove, Ill.-based medical group's computer network was hacked in July"
"DuPage Medical Group... discovered the unauthorized activity on its computer network July 13. As a result, the group shut down access to its network and medical records for nearly a week."
"The hacker had access to DuPage Medical Group's computer network July 12-13 and compromised the following information of the group's patients: names, birthdates, addresses, diagnosis codes, and Social Security numbers for a small number of people, among other details."
"No evidence that any information has been subject to actual or attempted misuse as a result of this incident."

Malware Attack Exposes IL Health Centers' Patient and Staff PHI, Cook County

Breach Type – Unknown, Malware

Health IT Security
August 6th, 2021

“Dynamic Health Care, Inc. (DHC) of Illinois issued a data incident notice on July 16, notifying its patients and staff of “a recent event that may affect the privacy of information of certain nursing care facility patients and employees for whom it provides consulting, administrative, and back-office services,”
"DHC found malware on its computer systems on November 8, 2020"
“Through this investigation, DHC determined that in connection with the malware event, an unauthorized actor accessed certain systems within its network on or about November 8, 2020.”
"The breached data includes patients’ and/or staff members’ names, dates of birth, Social Security numbers, treating nursing care facility names, and may include a resident identification number and dates of admission and/or discharge, the notice states."
“Following this incident, DHC took immediate steps to improve the security of its environment and increase its security posture. DHC is also implementing additional training and education to its employees to prevent similar future incidents.”

Lake County Health Department Announces Two Data Breaches Impacting Nearly 25,000 Patients, Lake County

Breach Type – Unknown, Data Breach

Lake & McHenry Scanner
July 18th, 2021

"The Lake County Health Department announced two data breaches, one of which occurred in 2019, that compromised the data of almost 25,000 people."
-"…that the first breach, which was disclosed earlier this month, occurred after an unencrypted email was sent to an internal employee’s personal email address."
“The spreadsheet consisted of medical records requests from December 2016 to June 2019 made through a third-party vendor who provides release of information services.24,241 people were impacted and the health department mailed them a letter on July 2 notifying them of the breach."
"The second breach involved an unencrypted Google spreadsheet used by volunteers and staff, The spreadsheet contained names, dates of birth, phone numbers, email addresses and vaccination status of seniors seeking information on the COVID-19 vaccine."
"705 people were impacted in the second breach and the health department has since notified them via mail about what happened."
”The health department determined no one’s personal health information was compromised in the first breach but federal authorities disagreed and said the information could have been compromised."

Cancer Treatment Centers of America Midwestern Regional Medical Center, Cook County

Breach Type – Hacking, Data Breach

Becker's Hospital Review
March 25th, 2021

Email hack breached 104,808 patients' data
Compromised information may include patient names, medical data, and health insurance information
The affected email account has been disabled, and CTCA recommends that affected individuals monitor their benefit statements

Southern Illinois University School of Medicine, Jackson County

Breach Type – Hacking, Data Breach

Health IT Security
March 11th, 2021

Vulnerabilities in Accellion's File Transfer Appliance were exploited by Clop ransomware threat actors
Compromised information for SIU School of Medicine patients may include names, dates of birth, SSNs, driver's licenses, treatment plans, and insurance information
SIU has terminated use of the FTA and is offering complimentary identity theft protection to those whose SSNs and/or driver's licenses were exposed

OSF Healthcare System, Peoria County

Breach Type – Unknown, Data Breach

Data Breaches
October 20th, 2020

OSF health care system is forced to Mail letters to patients advising them of Blackbaud attack
OSF investigations of Blackbaud database determined that some sensitive patient information was exposed
The health system did not notify in a public release how many patients were being contacted

NorthShore University Health System, Cook County

Breach Type – Unknown, Data Breach

Chicago Tribune
September 11th, 2020

Nearly 348,000 individuals potentially had information leaked
Names, birth dates, addresses, and medical information possibly accessed
University reported cyberattack to federal health agency

Northwestern Memorial Health Care, Cook County

Breach Type – Unknown, Data Breach

Becker's Hospital Review
September 3rd, 2020

Northwestern Memorial Health Care was also a victim of large scale Blackbaud breach
Blackbaud notified many organizations of exposure that bad actors had gained access between Feb. and May
The bad actors were able to access a backup server taking donor and patient information, Blackbaud believes that the information is not being misused

R1 RCM, Cook County

Breach Type – Unknown, Ransomware

Krebson Security
August 14th, 2020

R1 RCM had rendered servers offline in response to ransomware attack
The company has access to may forms of private personal sensitive data
It is believed the attack took place a week prior to public statements.

FHN Memorial Hospital, Stephenson County

Breach Type – Phishing, Data Breach

Journal Standard
August, 3rd, 2020

The hospital notified its patients of bad actors gaining access to employee email accounts potentially exposing patients
To assess damages the hospital reviewed all the email attachments to evaluate potentially exposed patient information
Information that was accessed includes patients’ names, dates of birth, medical records, and/or Social Security numbers

Carle Foundation Hospital, Champaign County

Breach Type – Phishing, Data breach

Security
September 14th, 2019

Hospitals in Illinois victim of phishing scam
Three hospitals suffered breach of data
Unspecified number of patients' information affected

Center for Vitreo-Retinal Diseases, Lake County

Breach Type - Ransomware

Data Breaches
November 29th, 2018

Servers impacted by ransomware attack
Hackers may have viewed private information of patients
20,300 patients potentially affected in data breach

Medspring Urgent Care, Cook County

Breach Type - Phishing, Data Breach

Data Breaches
August 9th, 2018

Illinois Medspring employee falls victim to phishing scam
Some patient personal information contained in email account
13,000+ patients potentially affected

Education

Southern Illinois University Targeted in MOVEit Hack, Jackson County

Breach Type – Hacking, Data Breach

GovTech.com
June 23rd, 2023

“The Southern Illinois University system has launched an investigation related to a global cyber attack, officials acknowledged in an email this week.”
“The university said it was looking into "recent suspicious network activity" related to MOVEit, an online file transfer system that was recently attacked by a Russian hacking group.”
”We are currently conducting a detailed analysis to determine if any SIU personal information may have been acquired as a result of this incident," Wil Clark, chief information officer at Southern Illinois University-Carbondale, said in an email on Wednesday. "We will notify affected individuals as soon as we know the full scope and breadth of the incident and provide additional information and resources to help protect their personal information."

Olympia Schools Investigating Recent Cyber Attack, McLean County

Breach Type – Unknown, Other

GovTech
March 23rd, 2023

“Olympia Community Unit School District 16 in Illinois has been working with a cybersecurity insurance provider to investigate a cyber attack on Feb. 26, and multifactor authentication may have minimized potential damage."
“Feb. 26 was a Sunday and the district was not entirely sure where access to systems stood by that evening, so it used a remote learning day on Feb. 27. The district emailed parents both days to inform them about what it could share at that point.”
”The district is still determining exactly what was accessed. However, the district's Skyward system and Google Drive system do not appear to have been impacted, O'Donnell said.”
”The district wants to avoid sharing any incorrect information, including information about what files or systems were or were not affected, but hopes to update families next week, around one month after the initial incident.”

Breach exposed data of half-million Chicago students, staff, Cook County

Breach Type – Unknown, Data Breach

WBOY
May 20th, 2022

“The personal information of more than half a million Chicago Public Schools students and staff was compromised in a ransomware attack last December, but the vendor didn’t report it to the district until last month."
“A server used to store student and staff information was breached and four years’ worth of records were accessed, CPS said."
"In total, 495,448 student and 56,138 employee records were accessed from 2015-16 through 2018-2019 school years, CPS said. The data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations."
"CPS said there is no evidence the data has been misused, posted or distributed, but offered affected families a year of credit monitoring and identity theft protection."

Ransomware shuts down Lewis & Clark computers, Madison County

Breach Type – Unknown, Ransomware

The Telegraph
November 24th, 2021

“In a message sent to staff members around 6 a.m. Wednesday, LCCC President Ken Trzaska said the school's computer systems were down because of a "Ransomware attack."
“We now have a major systems outage and need to close campus today, Wednesday, November 24," Trzaska said in his message. "All systems are down including email, blackboard, phones, colleague, etc.”
“Trzaska asked that people not use the college email system or open any files "to be safe."

Niles Township High School District 219, Cook County

Breach Type – Hacking, Other

Journal & Topics
November 13th, 2020

Racist, offensive, and inappropriate content was emailed to students
Bad actors hacked district's systems in cyberattack
IT personnel worked closely with local police to investigate

Maine Township High School District 207 Website and emails, Cook County

Breach Type – Hacking, Other

Journal & Topics
November 13th, 2020

School district website was defaced following cyberattack
Bad actors left hate speech and inappropriate imagery on school website
Officials filed report with municipal police which were aided by neighboring department

Heartland Community College, McLean County

Breach Type – Unknown, Malware

Pantagraph
October 7th, 2020

College online operations remain shut down following safety measure due to outside source compromising some systems
No personal information seems to be affected by this attack at this time
The colleges internal information technology security were able to catch the attack

Columbia College, Cook County

Breach Type – Unknown, Malware

Columbia Chronicle
June 2nd, 2020

Six of Columbia University's applications were marked as down until further notice due to malicious activity
IT was able to respond immediately but servers and storage were still down
From what the college knows it seems that no information was compromised or taken

Illinois Valley Community College, LaSalle County

Breach Type – Unknown, Malware

WCMY 1430 AM
April 25th, 2020

Bad actor's using malware hacked college systems
Officials believed systems would be restored within 10 days
Payroll, student registration, and email remained down

College of DuPage, DuPage County

Breach Type – Unknown, Data Breach

Info Security
March 16th, 2020

Over 1,700 employees were given free credit monitoring
Officials did not disclose the nature of the attack
Website was taken offline during attack by bad actors

Crystal Lake Community High School District 155, McHenry County

Breach Type – Unknown, Ransomware

NwHerald
January 28th, 2020

School district's computer network affected after cyberattack
Bad actors used ransomware to hinder school's network
Officials contacted outside IT team to assist with restoration

Sycamore School District 427, DeKalb County

Breach Type – Unknown, Ransomware

Daily Chronicle
December 3rd, 2019

School district hit with ransomware cyberattack
Visitors to district webpage discovered message indicating attack
Unknown number of servers were affected

Rockford Public Schools, Winnebago County

Breach Type – Unknown, Ransomware

Data Breaches
November 13th, 2019

School district had 50-60 of its servers go down in ransomware attack
District continued to recover from cyberattack months later
Officials described the attack as devastating

Mount Zion School District, Macon County

Breach Type - Hacking, Ransomware

Herald Review
February 14th, 2019

School system lost several weeks of student’s grades
Attack was from a brute force foreign attack aimed at the network
Data was not removed but instead encrypted and left unusable

Peoria Notre Dame High School, Peoria County

Breach Type - TDoS/DDoS

PJ Star
October 29th, 2018

Cyber attack on Peoria Notre Dame High School draws attention of federal investigators
Denial of Service attacks plagued school multiple times in the month of October
Attacks posed serious threat to the school and day to day operations

Hoopeston Area School District, Vermilion County

Breach Type - Hacking, Other

DataBreaches
September 3rd, 2018

Hoopeston Area School District website hacked
Pictures & emergency callout messages sent to district families
Website has since been secured

Pekin Community High School

Breach Type - Ransomware

PJ Star
April 27th, 2017

Hackers demand $37,000 after encrypting entire school network
Pekin Community was unsuspecting, having good security measures in the past
Local police and FBI involved in the case, no personal data at risk
Pekin refused to pay ransom, mostly restoring system through backups

Morton School District

Breach Type - Phishing

Central Illinois Proud
January 31st, 2017

Morton Police department believe Russian hackers source of phishing scheme
Investigating situation in which employees of school district had their W-2 information released

Tazewell Chronicle
February 2nd, 2017

Russian Hackers sent fraudulent emails asking for employee W-2 information, cause security breach
Posed as District's Superintendent
Names and Social Security numbers compromised when employee sent information

Illinois Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in
9-1-1 Cyber News?

Follow Us!

Illinois Cyber Attacks

Infrastructure Affected

Public Safety

Government

Medical

Education

Public Safety

Local Government

Medical

Education

Want the latest in9-1-1 Cyber News?

Follow Us!

Want the latest in
9-1-1 Cyber News?