Elekta Health Data Breach Strikes Jefferson Health, Disclosing PHI

July 20, 2021 - Jefferson Health, which has locations in Pennsylvania, New Jersey and Delaware, is notifying patients of a health data breach that exposed patients’ protected health information (PHI.)   

The July 19 notice, published on Jefferson Health’s website, informs patients of a “recent security incident experienced at one of our vendors, Elekta, Inc., involving some of our patient information,” the notice states. ” Elekta provides a cloud-based mobile application known as SmartClinic, which allows our clinic providers to access patient information related to cancer treatments.” 

Elekta informed Jefferson Health of the health data breach on May 26. During the security breach, an “unauthorized individual gained access to Elekta’s systems between April 2, 2021 and April 20, 2021 and, during that time, acquired a copy of the SmartClinic database that stores some of our patients’ information.” 

The breached data “may have included patient names, dates of birth, medical record numbers, and clinical information related to treatment at Jefferson Health, such as physician name and department, date(s) of service, treatment plan, diagnosis and/or prescription information. For some patients, a Social Security number was also included. Financial account, insurance and payment card information was not involved,” the notice states.  

“This incident did not involve access to Jefferson Health’s systems, network, or electronic health records. It occurred on Elekta’s systems, which held a database for cancer patients seen at Sidney Kimmel Cancer Center – Jefferson Health. The incident was not targeted at Jefferson Health or its hospitals,” it states.  

Jefferson Health is currently notifying all patients involved in this data breach and providing credit monitoring and identity theft protection services to patients who had their social security numbers breached.  

The healthcare facility is encouraging patients to review their healthcare provider statements and contact them if they see any services that they did not receive.  

“Jefferson Health regrets this incident occurred and is committed to protecting the security and privacy of patient information,” it states. “To help prevent something like this from happening again, Jefferson Health is re-evaluating its relationship with Elekta.” 

Elekta’s April 2021 data breach impacted several US-based healthcare facilities, including Renown Health in Nevada, Yale New Haven Health, Lifespan, Southcoast Health, and the Cancer Centers of Southwest Oklahoma.   

Any patient with a question or concern about the data breach can call the call center at 866-281-0520, Monday through Friday from 9:00 am to 11:00 pm EST, and Saturday and Sunday from 11:00 am to 8:00 pm EST.