Northwestern Memorial HealthCare

Northwestern Memorial HealthCare, also known as Northwestern Memorial Hospital or Northwestern Medicine, is a healthcare organization headquartered in the United States of America. Its operations involve patient care and fundraising activities, as evidenced by the nature of data exposed in a security incident. The organization maintains electronic medical records and handles sensitive patient information including names, demographic details, medical record numbers, dates of service, treatment departments, and physician names. It also processes donor information and financial account details related to fundraising efforts. Patient treatment and associated administrative data management form a core part of its functions, interacting with various departments and physicians within its structure.

A significant cybersecurity incident impacting Northwestern Memorial HealthCare occurred on February 7, 2020, originating not through its own systems but via a compromised third-party vendor. This breach exposed approximately 56,000 records containing donor and patient information over a period of several months. The unauthorized access targeted a database backup managed by the vendor's fundraising software infrastructure, bypassing the healthcare provider's core systems. While electronic medical records remained unaffected, the compromised data included names, demographic information, medical record numbers, service dates, treatment departments, physicians, and limited clinical details. Highly sensitive information, including Social Security numbers and financial account details, was exposed for five individuals. This incident highlights the organization's reliance on third-party vendors for critical functions like fundraising and the associated data security risks inherent in such relationships.