
Cyber Incident Victim: Advocate Aurora Health

Date: Jan 2015

Location: United States of America

Summary

A healthcare organization experienced a malware infection targeting workstations and servers, designed to capture login credentials from financial and social media websites accessed by caregivers. The malicious software intercepted active user sessions, compromising personal account security, though patient data remained unaffected. The organization removed the threat, enhanced network defenses with unauthorized access detection and encryption, and provided affected individuals with identity protection services. Internal cybersecurity training was reinforced to mitigate future risks.


Description

On January 27, 2015, Aurora Health Care discovered malware infections on computer systems and servers within its network. The malicious software was designed to capture login credentials entered by users on specific websites, primarily those offering financial services. An internal investigation, supported by a cybersecurity firm’s forensic analysis, determined the malware operated by intercepting active user sessions to harvest authentication data from affected workstations. The malware’s configuration file included instructions to monitor activity on social media platforms in addition to financial sites. Aurora Health Care took immediate action to remove the malicious files from its network following detection. The organization confirmed patient information remained uncompromised, concluding only caregivers faced potential exposure due to their use of the infected systems. A list of websites targeted by the malware was published on Caregiver Connect, Aurora’s private portal for staff and partners.

Aurora Health Care notified caregivers of the incident through a disclosure letter signed by Chief Human Resources Officer Amy Rislov, advising them to change passwords for personal online accounts—particularly those involving financial or sensitive data. The organization offered affected personnel complimentary credit monitoring and identity protection services for one year. In response to the breach, Aurora implemented network security upgrades including enhanced unauthorized access detection systems and full-disk encryption for mobile computer storage. The institution reinforced cybersecurity protocols by mandating frequent password changes and prohibiting access to personal social media accounts or suspicious email links/attachments from workstations. Training programs were developed to increase caregiver awareness of cyber risks, reflecting Aurora’s operational prioritization of cybersecurity following the incident.
