Elekta Data Breach Leaks Patient Info at Oklahoma Cancer Center

June 15, 2021 - The Cancer Centers of Southwest Oklahoma announced that it was part of a cancer software data breach through its business associate, Elekta, that may have leaked sensitive patient information. The breach occurred on April 28th and may have affected more than 40 other healthcare organizations.

A forensic investigation revealed that Social Security numbers, addresses, birthdates, and medical treatment details were exposed to the breach. No financial information was revealed during the breach.

Cancer Centers of Southwest Oklahoma reported that the compromised system is currently shut down until they can secure the system. Patients will receive letters if they were impacted by the breach.

“Immediately upon learning of this incident, Elekta partnered with leading cyber experts and law enforcement to launch an investigation to understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments,” Elekta, a Swedish software company, said in a statement on its website.

“We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care.”

Yale New Haven Health in Connecticut, Southcoast Health in Massachusetts, and Lifespan in Rhode Island all previously reported that they were part of the data breach. Lifespan reported that radiation oncology appointments were canceled for one afternoon.

In addition, Yale New Haven Health took its radiation equipment offline for more than one week, according to HIPAA Journal. No other delays have been reported. Elekta did not specify if the attack was related to ransomware.

“Immediately after we were notified of the incident, we began working with Elekta to better understand the nature and scope of the incident and coordinate our efforts to find alternate ways to continue treating patients,” said Lane Hooten, chief operations officer with Cancer Centers of Southwest Oklahoma, according to a report from The Duncan Banner.

“We will continue working with Elekta to ensure our patients continue to receive treatment, further secure patient information and notify regulatory authorities as required. While we have no indication at this time that any patient information has been missed, as an added precaution Elekta is offering complimentary access to identity monitoring, fraud consultation and identity theft restoration services.”

In other news, the FBI recently began investigating a series of ransomware attacks that affected over a dozen healthcare systems in October of 2020. In Oregon, Sky Lakes Medical Center was hit hard by an attack committed by Ryuk ransomware that caused the medical center to upgrade its entire system, which included cleaning the hardware and software on 2,000 computers.

Large-scale cyberattacks against healthcare organizations have been causing chaos in the industry recently. A recent FBI Flash Alert revealed that Conti ransomware, a hacking group, has conducted at least 16 attacks targeting 911 dispatch centers, first responder networks, and law enforcement in the past year alone. The healthcare industry is a logical target for hackers, as valuable patient information can be held ransom and cause significant disruptions in care for victims.