Northwestern Memorial HealthCare Latest Victim of Elekta’s PHI Data Breach

July 06, 2021 - Chicago’s Northwestern Memorial HealthCare is the latest hospital system to fall victim to Elekta’s recent data breach, exposing oncology patients’ protected health information (PHI) at nine Illinois hospitals.   

In a statement published on the Northwestern Memorial HealthCare (NMHC)  website July 2, the hospital revealed details of the April data breach involving its oncology patients’ personal data.  

“On May 17, 2021, Elekta informed us that an unauthorized individual gained access to its systems between April 2, 2021 and April 20, 2021 and, during that time, acquired a copy of the database that stores some oncology patient information,” the hospital stated.  

 “The information may have included patient names, dates of birth, Social Security numbers, health insurance information, medical record numbers, and clinical information related to cancer treatment, such as medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. Financial account and payment card information was not involved.” 

Northwestern Memorial HealthCare’s network and electronic health records were not accessed during this spring data breach.  

 “It occurred on Elekta’s systems, which held a database for oncology patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital, and Northwestern Medicine Valley West Hospital,” the NMHC statement read.   

NMHC and its hospitals were not targets of this cyber attack, it stated.  

The Illinois healthcare system joins several US-based hospitals impacted by  Elekta’s April 2021 data breach, which impacted Renown Health in Nevada, Yale New Haven Health, Lifespan, Southcoast Health, and the Cancer Centers of Southwest Oklahoma.  

Elekta, a precision radiation medicine provider, released a statement on its website as well.   

The Swedish software company said that its “first-generation cloud-based storage system has experienced a data security incident.”   

The breach impacted a portion of its North American customers. “Immediately upon learning of this incident, Elekta partnered with leading cyber experts and law enforcement to launch an investigation to understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments,” Elekta stated in the release.  

For the patients at any of Northwestern Memorial HealthCare’s nine Chicago-area hospitals impacted, a call center is currently set up to answer questions about the incident. Patients can call 855-731-3327, Monday through Friday, from 9 am to 5:30 pm CST.