Illinois Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
Illinois.jpg
 

Public Safety

City of Alton and Alton Police and Fire Departments, Madison County

Breach Type – Unknown, Malware

The Telegraph

  • Mayor of Alton confirms a "data incident" on March 5th, 2021
  • City servers, including Police and Fire Department functionality, were impacted
  • Full functionality of city systems is still being restored
Read More

 
Chicago Police Department, Cook County

Breach Type – Hacking, Other

BroBible

  • Chicago and Minneapolis police departments were victim of cyberattack
  • Police communications were hacked, random music and other sounds were played over radio
  • Anonymous claimed responsibility for the attacks on both departments
Read More

 
Chicago Police Department, Cook County

Breach Type – Hacking, Other

Chicago Sun Times

  • Police radio and dispatch were inundated with rogue transmissions
  • Elaborate cyberattack substantially disrupted law enforcement communications
  • Officials confirmed that most officer's radios aren't protected
Read More

 
Herrin Police Department Website, Williamson County

Breach Type – Unknown, Other: Website Defacement

14 News

  • Bad actors that posted lewd pictures to PD Google Review caused 911 lines to be bogged down
  • Officials stated they would do a better job keeping track of their page
  • Both Google officials and statewide law enforcement agencies were notified of the cyberattack
Read More

 
City of Harvard Tornado Early Warning System, McHenry County

Breach Type - Hacking, Other

NBC Chicago

  • Following several attacks a McHenry county city plans to remove its siren system
  • After investigation is was revealed that the malfunctions were due to attacks on the system
  • Due to the several false alarms many emergency and non-emergency calls were made clogging up 911 systems
Read More

 
Will County 911, Police & Fire Services, Will County

Breach Type - Malware

The Herald-News

  • Virus infected Will County computer systems
  • Virus inhibited officers’ & firefighters’ ability to communicate in field with Will County 911 over mobile internet connection
  • Virus did not affect 911 phone system, radio, or CAD system
  • Officers manually filed reports rather than through online methods
  • No sensitive data or EMS reports accessed by hackers
Read More

 
Marion County Sheriff's Office

Breach Type - Data Breach

X95 Radio

  • Security breach compromised & removed private data
  • Affects those booked into Marion County Jail
  • Sheriff's office implementing additional safeguards to prevent future breaches
Read More

 
Wood River PD Prevents Major Attack

Breach Type - Ransomware

The Telegraph

  • Hackers phished for vital information to Wood River PD
  • PD officials recognized ransomware and locked department out of computer systems
  • Had redundancy server (backup server) set up to protect information
Read More
Tech Talk

  • No information was accessed during attack
Read More

 
Roxana PD Falls Victim

Breach Type - Ransomware

Fox 2 Now

  • Chief of Police confirms ransomware infected computer systems
  • FBI asked to aid Roxana PD
  • Chief did not pay ransom
Read More

 
Suburban Chicago Police Department Pays $500 Ransom

Breach Type - Ransomware

Inquisitr


Read More

 
BACK TO TOP

Local Government

Illinois State Court Network hacked, Sagamon County

Breach Type – Unknown, Ransomware

The Cyber Express

  • “Everest ransomware group has reportedly gained full access to the network of the US District Court in Illinois and is now offering to sell that access to interested buyers."
  • “According to the group, they have an employee within the court system who has granted them unrestricted access to confidential documents and other sensitive data.”
  • ”The Illinois State Court system has not yet commented on the alleged breach”
Read More

 
Hackers stole data from multiple electric utilities in recent ransomware attack, Cook County

Breach Type – Unknown, Ransomware

ABC 17 NEWS

  • ”Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack..."
  • "Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators have combed the dark web for the stolen data."
  • ”The ransomware attack hit Chicago-based Sargent & Lundy, an engineering firm that has designed more than 900 power stations and thousands of miles of power systems and that holds sensitive data on those projects. …The firm also handles nuclear security issues, working with the departments of Defense, Energy and other agencies “to strengthen nuclear deterrence” and keep weapons of mass destruction out of terrorists’ hands."
Read More

 
Cyberattack temporarily takes down websites for O'Hare and Midway airports, Cook County

Breach Type – Hacking, DoS

CBS News

  • “A cyberattack on Monday shut down the websites for O'Hare and Midway airports, and several other large airports across the country.”
  • ”An FBI spokesperson confirmed they were aware of the cyberattack that took down flychicago.com for part of the morning on Monday, but would not confirm or deny if they were investigating.”
  • “The O'Hare and Midway websites were down for at least a few hours Monday morning, but was back up and running early Monday afternoon. The Chicago Department of Aviation said in a statement that no airport operations were affected..”
Read More

 
Mayor Troup: City paid ransom in cyberattack, Adams County

Breach Type – Unknown, Ransomware

KHQA ABC News

  • “Quincy Mayor Mike Troup on Tuesday confirmed during a news conference on Tuesday that the city was the victim of a cyberattack in which there was an encryption key locking the city out of some of its files in exchange for ransom."
  • “On Monday night, the City Council approved a resolution authorizing emergency payment for three cyber security consulting services."
  • "The mayor said the city paid a nearly $500,000 ransom fee for the decryption key."
  • "Troup said it appears, at this point, no personal information related to residents has been stolen."
Read More

 
City of Quincy still investigating what happened with cyber attack, Adams County

Breach Type – Unknown, Malware

Muddy River News

  • “The computer systems of the City of Quincy were hit with a cyber attack during the weekend. Quincy Mayor Mike Troup said Monday morning the attack apparently started at the Quincy Public Library before spreading through other departments.”
  • “The mayor said the city is still investigating what happened.”
  • "Our emails are still down. We cannot receive on our city email (accounts), and we cannot send out on the city emails,” he said. “We did have trouble with our telephones, (but) that has been restored. 911 works. There has not been any issue with with them. Police and fire still are responding. Central Services is virtually unaffected, except for the emails. Planning and development, that’s unaffected.”
Read More

 
DeKalb County Board Chairman Says Personal Information Not Stolen in Ransomware Attack, DeKalb County

Breach Type – Phishing, Ransomware

WSPY News

  • “DeKalb County Board Chairman John Frieders says personal information is not thought to have been stolen in Monday's ransomware attack on DeKalb County. A hacking attack on the county has made some systems inaccessible.”
  • “Frieders says things are still running in the county, but it might harder to contact people as the email system is down.”
  • “Frieders says the county has not been contacted by anyone asking for a ransom to restore the county's systems. He says the county is working with police, including the Federal Bureau of Investigation, to get to the bottom of the attack.”
Read More

 
City of Moline falls victim of cyber attack, now under federal investigation, Rock Island County

Breach Type – Phishing, Other

ABC WGAD 8

  • “It was made public that the City of Moline fell victim of a cyber-attack in form of a phishing scam. It was discovered by city staff in January 2021, and the apparent scam happened in December 2020. A vendor that the City of Moline works with reached out and explained that it had not received payment for services completed.”
  • “The city has insurance in place to cover cyber crime. This limits the exposure to Moline taxpayers to a maximum of $20,000 regardless of whether none, a portion or all of the stolen funds are recovered.”
  • “As a result of the incident, the city reviewed all of its internal control policies with the assistance of its auditors”
  • “The Moline Police Department still has an open investigation into this matter and is working with federal authorities on the investigation. Due to that, we aren't able to divulge further information that may jeopardize the investigation.”
Read More

 
This is a significant loss of taxpayers dollars': Rock Island County investigating wire fraud theft of more than $115,000

Breach Type – Phishing, Other

Quad City Times

  • “June 1: Someone contacted the county auditor’s office by email, claiming to represent one of the contractors with whom the county works. The email asked that future payments be sent in a different way than previously because the company had changed bank accounts. The email was fraudulent.”
  • “June 18: The Rock Island County Auditor’s Office authorized a transaction of $97,042.50 to the new account.”
  • “An employee of my office was the victim of an email scam which resulted in the inadvertent transfer of over $115,000 to a fraudulent account before it was caught and stopped,” April Palmer, the county auditor, said in a news release. “The employee was led to believe by receiving a direct deposit request and a bank letter, that the payments were being sent to a long-time vendor of the County’s.”
Read More

 
Illinois Attorney General's Office, State of Illinois

Breach Type – Unknown, Ransomware

Chicago Tribune

  • Threat actor group DoppelPaymer believed to be behind the attack
  • Attorney General's Office working with local and federal law enforcement
  • Some exfiltrated data has been posted online
Read More

 
Champaign-Urbana Public Health District’s, Champaign County

Breach Type – Unknown, Ransomware

Gazette

  • Healthcare officials forced to use alternative means for communication
  • Ransomware cyberattack affected provider's network
  • Email accounts, health records, and patient medical records remained safe
Read More

 
La Salle County Government Systems, La Salle County

Breach Type - Unknown, Malware

WSPY News

  • County computer systems affected following cyberattack
  • Emergency protocols enacted for offices that were hit
  • Several other facilities remained unimpacted
Read More
LCBC Radio

  • Officials remained unsure about how many computers were hit
  • Courthouse possibly affected by cyberattack, email remained functional
  • Employees were unable to access anything outside stored information
Read More
WSPY News

  • Officials confirmed county was hit in cyberattack
  • Bad actors used ransomware against network
  • Ransom demand to release systems had been made
Read More

 
City of Belvidere, Boone County

Breach Type – Unknown, Ransomware

RRSTAR

  • Ransomware used in cyberattack against city government
  • Email and other services were taken out in the attack
  • Officials stated that no ransom had yet been delivered
Read More

 
Bureau County Website, Bureau County

Breach Type – Hacking, Other: Website Defacement

News Trib

  • County website hacked by Iranians
  • Attack was breach of zoning area on website
  • Courthouse remained unaffected
Read More

 
Bartlett Public Library System, Cook, DuPage, & Kane Counties

Breach Type – Unknown, Ransomware

Data Breaches

  • Ransomware cyberattack utilized against public library
  • Personal information was not compromised in the attack
Read More

 
Macon County Circuit Clerk's Office Website, Macon County

Breach Type – Hacking, Other: Website Defacement

Herald Review

  • This attack specifically targeted the website causing another defacement along a string of related attacks
  • Investigations and imagery on the website point to the hackers being Iranian based
  • Private information was kept on a separate server and therefore unaffected by the recent hack
Read More

 
City of Chicago Department of Aviation, Cook County

Breach Type - Phishing, Malware

CBS Local

  • After attempting to make payments of more than $1 Million to a vendor it had been noticed that it was a scam
  • A phishing email acting as a vendor had asked to change the bank accounts for payments
  • The money was paid to this spoofed account but had been recovered as the bank placed a hold on the fake account
Read More

 
Moultrie County Government Systems, Moultrie County

Breach Type - Ransomware

WAND TV

  • Computer issues may be caused by dangerous ransomware
  • Reported issue to Illinois State Board of Elections as a database problem
  • As many as three servers may have been infected
Read More

 
Crawford County Clerk's Office, Crawford County

Breach Type - Ransomware

WTHITV

  • Crawford County Clerk’s office hit with ransomware
  • Clerk’s office employees completed work manually to stay on task
  • Program and firewall updates to system are needed along with software updates to prevent future attacks
Read More

 
Perry County Government, Perry County

Breach Type - Ransomware

WJBD Radio

  • Perry County computers shut down by ransomware attack
  • Mayor refused to pay ransom, having backup system in place
  • Wiped system clean & restored all files within 6 hours
Read More

 
Illinois State Election System

Breach Type - Hack

NBC News

  • Detected malicious activity on network
  • Reported to DHS
  • No voter rolls were accessed/altered
Read More

 
Cook County Treasurer's Website

Breach Type - Cryptojack/Other

WCCF Tech

  • Over 4,200 victims hijacked to mine Monero cryptocurrency
  • Secretly hijacked using compromised plug-in called "Browsealoud"
  • Though sites were affected for hours, no user data was affected/compromised
Read More

 
Batavia City

Breach Type - Data Breach

Chicago Tribune

  • W2 phishing scam targets Batavia
  • Over 240 employees potentially affected
  • Names, social security numbers, addresses, & earnings exposed
Read More

 
Montgomery County

Breach Type - Hack

The Journal News

  • External malware affects some county government offices
  • 911 operations not affected by malware
  • No breach of county data or loss currently
Read More

 
Illinois Department of Veterans' Affairs

Breach Type - Hack

Daily Herald

  • Malware virus attack infects agency's network
  • Staff launched security incident response through Department of Innovation & Technology
Read More
My Wabash Valley

  • Malware paralyzed computers for at least six weeks
  • Employees resort to manual activity for daily functions
  • Private data of veterans remained unaffected, not stolen
Read More

 
Illinois Elections

Breach Type - Hack

Capitol Facts

  • Russian Hackers attack voting software supplier days before presidential election 2016
  • Report does not confirm if hack had any effect on election results
  • Hackers infected U.S. voting software company
  • Sent spear phishing emails to 100+ election officials
  • Illinois election officials confirm intrusion of state’s election system
Read More

 
Cook County

Breach Type - Ransomware

State Scoop

  • First known government infection of WannaCry in U.S.
  • Barrage of phishing emails
  • No major Cook County operations affected
Read More

 
Illinois State Board of Elections Officials

Breach Type - Hack

Chicago Tribune

  • Personal information of about 200,000 voters hacked
  • Cyber-attack from foreign origin
  • No files of registered voters were erased or modified
  • No voting history captured, or voter signatures
  • Drivers license numbers and last four digits of Social Security numbers could be compromised
  • Online entered information more likely to be compromised
  • Board took offline outside access to prevent further intrusions
Read More

 
Downers Grove, DuPage County

Breach Type - Hack

Chicago Tribune

  • Cyber security issues prompt Governor to delete social media accounts
  • Gov. often posted political viewpoints on social media accounts
  • Online presence went dark
Read More

 
Kankakee County

Breach Type - Ransomware

Daily Journal

  • Ransomware infects computer systems through phishing email
  • County officials decided against paying ransom and would not disclose how much hackers demanded
  • County files were saved on backup server
Read More

 
BACK TO TOP

Medical

Morris Hospital investigating attack by Royal ransomware group, Grundy County

Breach Type – Unknown, Other

DataBreahes.net

  • “Morris Hospital & Healthcare Centers is actively investigating a cybersecurity incident with the assistance of independent cybersecurity forensic experts. The incident has not impacted patient care or hospital operations.”
  • ”The investigation was launched after the hospital detected unusual activity on its computer network that indicated an unauthorized third party had gained access to the network system. The network system is separate from the electronic medical record systems that are used for patient care. The hospital’s electronic medical record systems were not compromised."
  • “Hospital officials emphasize that the numerous IT security measures that were already in place at Morris Hospital were instrumental in preventing a more severe incident.”
Read More

 
Lake County Health Department reports security breach that exposed residents’ health data, personal information

Breach Type – Unknown, Data Breach

Lake & McHenry County Scanner

  • "The health department has announced they experienced a security breach in their email system that exposed some Lake County residents’ personal health data and private information. Lake County officials announced late last week they became aware of the breach on March 6.”
  • "It involved an unauthorized third-party gaining access to a Lake County Health Department and Community Health Center employee’s email account."
  • ”The impacted email account included partially de-identified information regarding Lake County residents who may have had a reportable communicable disease or disease that was part of a cluster or outbreak that was investigated by the health department between April 23, 2012, and March 6, 2023."
  • “Information that may have been exposed includes names, addresses, zip codes, date of birth, gender, phone number, email address, medical record number, diagnoses or conditions, lab results and other treatment information used by the Communicable Disease outreach program."
Read More

 
Culbertson Memorial Hospital hit by cyber-attack, Schuyler County

Breach Type – Unknown, Other

WGEM

  • "Culbertson Memorial Hospital officials reported Friday the hospital had been the victim of a cyber-attack last week. Officials stated they discovered a network disruption at 3 a.m. March 30 that required information systems to be taken offline.”
  • ”Director of Community Relations Molly Sorrell said Friday that the hospital does not know if any of its health care or patient account information was compromised."
  • “Right now our focus is to get up and running and fully functional by Tuesday,” Sorrell said. Snyder added, “while our investigation is ongoing, be assured Culbertson is working diligently to fully restore all systems so we can effectively serve the community. While we have regained the utilization to a portion of our systems, we expect to have fully restored critical service systems by April 11."
Read More

 
CommonSpirit Health cyberattack, month-long network outage cost $150M, Cook County

Breach Type – Unknown, Data Breach

SC Magazine

  • "The ransomware attack and subsequent month-long network outage at CommonSpirit Health in October cost the major health system at least $150 million to date, according to its unaudited quarterly financial report.”
  • "The “adverse financial impact” of the cyber incident is tied to the associated business interruption, remediation costs, and other related business expenses."
  • "The health system posted $925 million in operating losses for the second half of 2022, of which the cyber incident was just a small portion. However, those losses were significantly larger than the year prior during the same period: just $128 million.”
  • ”As extensively reported, a cyberattack was deployed against CommonSpirit during the first weekend in October that prompted outages and service disruptions at hospitals across the country. Despite being one of the largest health system’s in the U.S. with over 700 care sites and 142 hospitals in 21 states, only a small portion of those hospitals went down in the attack.”
  • ”The disruptions, however limited in scope, were noticeable for the impacted hospitals. Clinicians leveraged protocols for handling system outages, but CHI Memorial was forced to reschedule some patient procedures. Virginia Mason Franciscan Health, another CommonSpirit affiliate, was also hard hit by the disruptions and saw its data stolen amid the hack.”
Read More
SC Magazine

  • "The ransomware attack and subsequent month-long network outage at CommonSpirit Health in October cost the major health system at least $150 million to date, according to its unaudited quarterly financial report.”
  • “The “adverse financial impact” of the cyber incident is tied to the associated business interruption, remediation costs, and other related business expenses.”
  • "The health system posted $925 million in operating losses for the second half of 2022, of which the cyber incident was just a small portion. However, those losses were significantly larger than the year prior during the same period: just $128 million.”
  • “As extensively reported, a cyberattack was deployed against CommonSpirit during the first weekend in October that prompted outages and service disruptions at hospitals across the country. Despite being one of the largest health system’s in the U.S. with over 700 care sites and 142 hospitals in 21 states, only a small portion of those hospitals went down in the attack.”
  • “The disruptions, however limited in scope, were noticeable for the impacted hospitals. Clinicians leveraged protocols for handling system outages, but CHI Memorial was forced to reschedule some patient procedures. Virginia Mason Franciscan Health, another CommonSpirit affiliate, was also hard hit by the disruptions and saw its data stolen amid the hack."
Read More

 
IL Social Services Organization Notifies 184K of Healthcare Ransomware Attack, Cook County

Breach Type – Unknown, Ransomware


 
Citing cyberattack, COVID-19 impacts, Illinois hospital suspends operations, LaSalle County

Breach Type – Unknown, Ransomware

SC Magazine

  • “St. Margaret’s Health has temporarily suspended operations at its hospital in Peru, Illinois, as its leadership could not “find nor financially support” a new provider for its emergency room department. A cyberattack on St. Margaret’s Health’s Spring Valley Hospital and impacts of COVID-19 are cited as driving forces behind the decision."
  • “The Spring Valley branch was struck by a cyberattack on Feb 22, 2021, prompting the launch of electronic health record downtime procedures and a complete enterprise network shutdown that lasted for several weeks. All web-based operating systems, such as email and the patient portal, were also brought offline.”
  • ”Patient care continued without interruption, due to its previously implemented and practiced downtime procedures. However, the hospital was forced to divert its diagnostic imaging procedures to another hospital branch to ensure accuracy of scans. According to the letter sent to employees, these outages contributed to the hospital’s ongoing financial constraints.”.
  • ”The letter cites a number of factors, including the cyberattack that led to the hospital being unable to “bill nor get paid, in a timely manner, for the services provided during the outage. The hospital was also facing staffing shortages that required the use of “temporary agencies to fill positions at a significantly higher pay rate.”
  • ”The hospital has also struggled to “attract enough staff to continue to operate both hospitals.” As a result of these compounding factors, the hospital will no longer have ER physician coverage at its SMH-Peru branch beginning on Jan. 28 as hospitals aren’t legally allowed to operate without a fully staffed emergency room.”
Read More

 
CommonSpirit Health Suffers IT Outages, EHR Downtime at Multiple Hospitals, Cook County

Breach Type – Unknown, Data Breach

Health IT Security

  • “Multiple hospitals within the CommonSpirit Health system, one of the nation’s largest nonprofit healthcare systems, are reporting IT outages and EHR downtime.”
  • "October 05, 2022 - CommonSpirit Health confirmed that it has been suffering IT outages as a result of an unspecified IT security incident that began on October 3. The incident is impacting multiple facilities within the health system, forcing some hospitals to take their EHR systems offline. CommonSpirit Health is one of the largest nonprofit healthcare systems in the US, with more than 1,000 care sites and 140 hospitals in 21 states."
  • “Our facilities are following existing protocols for system outages and taking steps to minimize the disruption. We take our responsibility to ensure the security of our IT systems very seriously,” a brief notice on the health system’s website stated.
  • ”As a result of this issue, we have rescheduled some patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is impacted.” At MercyOne Des Moines Medical Center, the incident forced certain systems offline as a “precautionary step,” the Des Moines Register reported.
  • ”The hospital had to divert ambulances away from its emergency department for a short period of time on Monday. The incident is also causing appointment cancellations in some locations. The list of healthcare facilities impacted by the CommonSpirit incident continues to grow. CHI Health locations in Omaha confirmed that they were impacted by the security incident, along with Virginia Mason Franciscan Health (VMFH), Bergan Mercy Hospital.”
Read More

 
Illinois Clinic Says 503,000 Affected in Email Breach, Champaign County

Breach Type – Hacking, Data Breach

GOV INFO SECURITY

  • "A breach involving the compromise of a single user's email account at an Illinois-based multispecialty clinic has affected nearly 503,000 individuals. "
  • "Christie Clinic says it promptly launched an internal investigation to determine the nature and scope of the incident, and contacted federal law enforcement to mitigate the impact of the unauthorized access."
  • "The clinic's investigation confirmed that there was unauthorized access to the affected email account from July 14 to Aug. 19, 2021, and that intent of the unauthorized access was to intercept a business transaction between Christie Clinic and a long-standing, third-party vendor."
  • "Information potentially contained in the affected email account included individuals' names, addresses, Social Security numbers, medical information and health insurance information,"
  • "To date, Christie Clinic does not have any evidence of misuse of any patient information, but we have notified all individuals who have potential to be affected and notified all necessary regulators,"
Read More

 
31,000 patients' data compromised in Illinois health center ransomware attack, Cook County

Breach Type – Hacking, Ransomware

Becker Hospital Review

  • "Family Christian Health Center reported that a ransomware attack had compromised the protected health information of 31,000 patients."
  • "FCHC detected a ransomware attack on the health center's old dental system and electronic registration system. Attackers were able to access protected health information of patients who had received dental and healthcare services at the health center."
  • "Patients who had received dental services prior to Aug. 31, 2020, had their names, birthdates, insurance card numbers, driver’s license numbers, and copies of their insurance cards and driver’s licenses compromised."
  • "Patients who received healthcare services between Dec. 5, 2016, and Aug. 31, 2020, had their names, birthdates, addresses, insurance identification numbers and Social Security numbers compromised during the breach."
Read More

 
South Shore Hospital breach leaves 116,000 patients' data vulnerable, Cook County

Breach Type – Hacking, Data Breach

Becker Hospital Review

  • "South Shore Hospital notified current and former patients about a cybersecurity incident that left 115,670 patients' protected information vulnerable."
  • "The hospital was alerted that unauthorized activity was occurring on its network. The hospital activated emergency operating protocols and hired a security team to investigate the matter."
  • "The attacker gained access to files that contained patients' and employees' first and last names, addresses, dates of birth, Social Security numbers, financial information, health insurance information, medical information, diagnoses, health insurance policy numbers, and Medicare and Medicaid information."
Read More

 
Cyberattackers Hit Data of 80k Fertility Patients, State of Illinois

Breach Type – Hacking, Data Breach

Threat Post

  • "The protected health information of nearly 80,000 patients of Fertility Centers of Illinois (FCI) may have been pawed over by cyber intruders following a cyberattack."
  • "FCI runs four clinics across Illinois. According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ data breach site, the breach – reported on Dec. 27 – affected 79,943 people."
  • “FCI’s data breach notice (PDF) said that the healthcare organization first detected suspicious activity on its internal systems on Feb. 1, 2021. A subsequent investigation indicated that security systems had blocked attackers from accessing patient EMR (electronic medical records) systems. However, the intruder(s) managed to access administrative files and folders."
  • “The accessed files included some patients’ names, employer-assigned ID numbers, passport numbers, Social Security numbers, financial account information, payment card information, treatment information, diagnosis, treating/referring physicians, medical record number, medical billing/claims information, prescription/medication information, Medicare/Medicaid identification information, health insurance group numbers, health insurance subscriber numbers, patient account numbers, encounter numbers, ill health/retirement information, master patient index, occupational-health related information, other medical benefits and entitlements information, other medical ID numbers, patkeys/reason for absence, sickness certificate, usernames and passwords with PINs or account login information, and medical facilities associated with patient information."
Read More

 
Hackers had access to OSF Healthcare's IT systems for 6 weeks before outage, Peoria County

Breach Type – Unknown, Data Breach

Becker Hospital Review

  • "Peoria, Ill.-based OSF HealthCare began notifying patients Oct. 1 that their protected health information was exposed for more than six weeks during an attack on its IT systems earlier this year."
  • ”OSF HealthCare experienced a computer systems outage from April 23-25, which sent the health system into downtime procedures and protocols for two days"
  • ”OSF HealthCare said the outage was the result of a data security incident. After investigating the incident, the health system discovered that an unauthorized party gained access to its systems from March 7 to April 23. As a result, the hacker was able to access certain files belonging to some patients at OSF Little Company of Mary and OSF Saint Paul."
  • "Patient information exposed by the incident included names, birthdates, Social Security numbers, treatment details, prescription details and health insurance details. Financial information belonging to a "smaller subset of patients" also was exposed"
Read More

 
600,000 patients' info exposed in cyberattack on Illinois medical group, DuPage County

Breach Type – Unknown, Data Breach

Becker Hospital Review

  • "DuPage Medical Group is notifying 600,000 patients that their personal health information was exposed when the Downers Grove, Ill.-based medical group's computer network was hacked in July"
  • "DuPage Medical Group... discovered the unauthorized activity on its computer network July 13. As a result, the group shut down access to its network and medical records for nearly a week."
  • "The hacker had access to DuPage Medical Group's computer network July 12-13 and compromised the following information of the group's patients: names, birthdates, addresses, diagnosis codes, and Social Security numbers for a small number of people, among other details."
  • "No evidence that any information has been subject to actual or attempted misuse as a result of this incident."
Read More

 
Malware Attack Exposes IL Health Centers' Patient and Staff PHI, Cook County

Breach Type – Unknown, Malware

Health IT Security

  • “Dynamic Health Care, Inc. (DHC) of Illinois issued a data incident notice on July 16, notifying its patients and staff of “a recent event that may affect the privacy of information of certain nursing care facility patients and employees for whom it provides consulting, administrative, and back-office services,”
  • "DHC found malware on its computer systems on November 8, 2020"
  • “Through this investigation, DHC determined that in connection with the malware event, an unauthorized actor accessed certain systems within its network on or about November 8, 2020.”
  • "The breached data includes patients’ and/or staff members’ names, dates of birth, Social Security numbers, treating nursing care facility names, and may include a resident identification number and dates of admission and/or discharge, the notice states."
  • “Following this incident, DHC took immediate steps to improve the security of its environment and increase its security posture. DHC is also implementing additional training and education to its employees to prevent similar future incidents.”
Read More

 
Lake County Health Department Announces Two Data Breaches Impacting Nearly 25,000 Patients, Lake County

Breach Type – Unknown, Data Breach

Lake & McHenry Scanner

  • "The Lake County Health Department announced two data breaches, one of which occurred in 2019, that compromised the data of almost 25,000 people."
  • -"…that the first breach, which was disclosed earlier this month, occurred after an unencrypted email was sent to an internal employee’s personal email address."
  • “The spreadsheet consisted of medical records requests from December 2016 to June 2019 made through a third-party vendor who provides release of information services.24,241 people were impacted and the health department mailed them a letter on July 2 notifying them of the breach."
  • "The second breach involved an unencrypted Google spreadsheet used by volunteers and staff, The spreadsheet contained names, dates of birth, phone numbers, email addresses and vaccination status of seniors seeking information on the COVID-19 vaccine."
  • "705 people were impacted in the second breach and the health department has since notified them via mail about what happened."
  • ”The health department determined no one’s personal health information was compromised in the first breach but federal authorities disagreed and said the information could have been compromised."
Read More

 
Cancer Treatment Centers of America Midwestern Regional Medical Center, Cook County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Email hack breached 104,808 patients' data
  • Compromised information may include patient names, medical data, and health insurance information
  • The affected email account has been disabled, and CTCA recommends that affected individuals monitor their benefit statements
Read More

 
Southern Illinois University School of Medicine, Jackson County

Breach Type – Hacking, Data Breach

Health IT Security

  • Vulnerabilities in Accellion's File Transfer Appliance were exploited by Clop ransomware threat actors
  • Compromised information for SIU School of Medicine patients may include names, dates of birth, SSNs, driver's licenses, treatment plans, and insurance information
  • SIU has terminated use of the FTA and is offering complimentary identity theft protection to those whose SSNs and/or driver's licenses were exposed
Read More

 
OSF Healthcare System, Peoria County

Breach Type – Unknown, Data Breach

Data Breaches

  • OSF health care system is forced to Mail letters to patients advising them of Blackbaud attack
  • OSF investigations of Blackbaud database determined that some sensitive patient information was exposed
  • The health system did not notify in a public release how many patients were being contacted
Read More

 
NorthShore University Health System, Cook County

Breach Type – Unknown, Data Breach

Chicago Tribune

  • Nearly 348,000 individuals potentially had information leaked
  • Names, birth dates, addresses, and medical information possibly accessed
  • University reported cyberattack to federal health agency
Read More

 
Northwestern Memorial Health Care, Cook County

Breach Type – Unknown, Data Breach

Becker's Hospital Review

  • Northwestern Memorial Health Care was also a victim of large scale Blackbaud breach
  • Blackbaud notified many organizations of exposure that bad actors had gained access between Feb. and May
  • The bad actors were able to access a backup server taking donor and patient information, Blackbaud believes that the information is not being misused
Read More

 
R1 RCM, Cook County

Breach Type – Unknown, Ransomware

Krebson Security

  • R1 RCM had rendered servers offline in response to ransomware attack
  • The company has access to may forms of private personal sensitive data
  • It is believed the attack took place a week prior to public statements.
Read More

 
FHN Memorial Hospital, Stephenson County

Breach Type – Phishing, Data Breach

Journal Standard

  • The hospital notified its patients of bad actors gaining access to employee email accounts potentially exposing patients
  • To assess damages the hospital reviewed all the email attachments to evaluate potentially exposed patient information
  • Information that was accessed includes patients’ names, dates of birth, medical records, and/or Social Security numbers
Read More

 
Carle Foundation Hospital, Champaign County

Breach Type – Phishing, Data breach

Security

  • Hospitals in Illinois victim of phishing scam
  • Three hospitals suffered breach of data
  • Unspecified number of patients' information affected
Read More

 
Center for Vitreo-Retinal Diseases, Lake County

Breach Type - Ransomware

Data Breaches

  • Servers impacted by ransomware attack
  • Hackers may have viewed private information of patients
  • 20,300 patients potentially affected in data breach
Read More

 
Medspring Urgent Care, Cook County

Breach Type - Phishing, Data Breach

Data Breaches

  • Illinois Medspring employee falls victim to phishing scam
  • Some patient personal information contained in email account
  • 13,000+ patients potentially affected
Read More

 
BACK TO TOP

Education

Olympia Schools Investigating Recent Cyber Attack, McLean County

Breach Type – Unknown, Other

GovTech

  • “Olympia Community Unit School District 16 in Illinois has been working with a cybersecurity insurance provider to investigate a cyber attack on Feb. 26, and multifactor authentication may have minimized potential damage."
  • “Feb. 26 was a Sunday and the district was not entirely sure where access to systems stood by that evening, so it used a remote learning day on Feb. 27. The district emailed parents both days to inform them about what it could share at that point.”
  • ”The district is still determining exactly what was accessed. However, the district's Skyward system and Google Drive system do not appear to have been impacted, O'Donnell said.”
  • ”The district wants to avoid sharing any incorrect information, including information about what files or systems were or were not affected, but hopes to update families next week, around one month after the initial incident.”
Read More

 
Breach exposed data of half-million Chicago students, staff, Cook County

Breach Type – Unknown, Data Breach

WBOY

  • “The personal information of more than half a million Chicago Public Schools students and staff was compromised in a ransomware attack last December, but the vendor didn’t report it to the district until last month."
  • “A server used to store student and staff information was breached and four years’ worth of records were accessed, CPS said."
  • "In total, 495,448 student and 56,138 employee records were accessed from 2015-16 through 2018-2019 school years, CPS said. The data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations."
  • "CPS said there is no evidence the data has been misused, posted or distributed, but offered affected families a year of credit monitoring and identity theft protection."
Read More

 
Ransomware shuts down Lewis & Clark computers, Madison County

Breach Type – Unknown, Ransomware

The Telegraph

  • “In a message sent to staff members around 6 a.m. Wednesday, LCCC President Ken Trzaska said the school's computer systems were down because of a "Ransomware attack."
  • “We now have a major systems outage and need to close campus today, Wednesday, November 24," Trzaska said in his message. "All systems are down including email, blackboard, phones, colleague, etc.”
  • “Trzaska asked that people not use the college email system or open any files "to be safe."
Read More

 
Niles Township High School District 219, Cook County

Breach Type – Hacking, Other

Journal & Topics

  • Racist, offensive, and inappropriate content was emailed to students
  • Bad actors hacked district's systems in cyberattack
  • IT personnel worked closely with local police to investigate
Read More

 
Maine Township High School District 207 Website and emails, Cook County

Breach Type – Hacking, Other

Journal & Topics

  • School district website was defaced following cyberattack
  • Bad actors left hate speech and inappropriate imagery on school website
  • Officials filed report with municipal police which were aided by neighboring department
Read More

 
Heartland Community College, McLean County

Breach Type – Unknown, Malware

Pantagraph

  • College online operations remain shut down following safety measure due to outside source compromising some systems
  • No personal information seems to be affected by this attack at this time
  • The colleges internal information technology security were able to catch the attack
Read More

 
Columbia College, Cook County

Breach Type – Unknown, Malware

Columbia Chronicle

  • Six of Columbia University's applications were marked as down until further notice due to malicious activity
  • IT was able to respond immediately but servers and storage were still down
  • From what the college knows it seems that no information was compromised or taken
Read More

 
Illinois Valley Community College, LaSalle County

Breach Type – Unknown, Malware

WCMY 1430 AM

  • Bad actor's using malware hacked college systems
  • Officials believed systems would be restored within 10 days
  • Payroll, student registration, and email remained down
Read More

 
College of DuPage, DuPage County

Breach Type – Unknown, Data Breach

Info Security

  • Over 1,700 employees were given free credit monitoring
  • Officials did not disclose the nature of the attack
  • Website was taken offline during attack by bad actors
Read More

 
Crystal Lake Community High School District 155, McHenry County

Breach Type – Unknown, Ransomware

NwHerald

  • School district's computer network affected after cyberattack
  • Bad actors used ransomware to hinder school's network
  • Officials contacted outside IT team to assist with restoration
Read More

 
Sycamore School District 427, DeKalb County

Breach Type – Unknown, Ransomware

Daily Chronicle

  • School district hit with ransomware cyberattack
  • Visitors to district webpage discovered message indicating attack
  • Unknown number of servers were affected
Read More

 
Rockford Public Schools, Winnebago County

Breach Type – Unknown, Ransomware

Data Breaches

  • School district had 50-60 of its servers go down in ransomware attack
  • District continued to recover from cyberattack months later
  • Officials described the attack as devastating
Read More

 
Mount Zion School District, Macon County

Breach Type - Hacking, Ransomware

Herald Review

  • School system lost several weeks of student’s grades
  • Attack was from a brute force foreign attack aimed at the network
  • Data was not removed but instead encrypted and left unusable
Read More

 
Peoria Notre Dame High School, Peoria County

Breach Type - TDoS/DDoS

PJ Star

  • Cyber attack on Peoria Notre Dame High School draws attention of federal investigators
  • Denial of Service attacks plagued school multiple times in the month of October
  • Attacks posed serious threat to the school and day to day operations
Read More

 
Hoopeston Area School District, Vermilion County

Breach Type - Hacking, Other

DataBreaches

  • Hoopeston Area School District website hacked
  • Pictures & emergency callout messages sent to district families
  • Website has since been secured
Read More

 
Pekin Community High School

Breach Type - Ransomware

PJ Star

  • Hackers demand $37,000 after encrypting entire school network
  • Pekin Community was unsuspecting, having good security measures in the past
  • Local police and FBI involved in the case, no personal data at risk
  • Pekin refused to pay ransom, mostly restoring system through backups
Read More

 
Morton School District

Breach Type - Phishing

Central Illinois Proud

  • Morton Police department believe Russian hackers source of phishing scheme
  • Investigating situation in which employees of school district had their W-2 information released
Read More
Tazewell Chronicle

  • Russian Hackers sent fraudulent emails asking for employee W-2 information, cause security breach
  • Posed as District's Superintendent
  • Names and Social Security numbers compromised when employee sent information
Read More


 
BACK TO TOP