Northwestern Memorial HealthCare in Chicago, IL and Renown Health in Reno, NV were impacted by a cyberattack on Elekta, one of their business associates that provide a software system utilized for clinical radiotherapy for patients with cancer and brain ailments.
Elekta in Stockholm discovered the data breach and released a statement to confirm unauthorized access to its first-generation web-based storage system, which impacted a part of its North American customers.
Elekta is cooperating with the authorities and third-party cybersecurity specialists to find out specifically how the breach happened and the character and extent of the breach. Elekta began informing impacted healthcare providers in April 2021.
Elekta’s investigation showed that its systems were attacked from April 2, 2021 to April 20, 2021. The attackers got access to its systems and exfiltrated data that included the data of oncology patients, however, the breach only affected Elekta’s systems. There was no compromise of any systems belonging to its healthcare provider clients.
Northwestern Memorial HealthCare stated the database contained data like patient names, birth dates, Social Security numbers, medical insurance data, medical record numbers, and clinical data associated with cancer treatment, including medical records, doctor names, dates of service, treatment details, diagnoses, and/or prescribed medicine details.
Renown Health submitted a breach report indicating the compromise of 65,181 patients’ data such as names, addresses, Social Security numbers, birth dates, diagnoses, medical treatment details, appointment schedules and other patient data like weight and height.
Northwestern Memorial Healthcare stated the database comprised the protected health information (PHI) of 201,197 oncology patients who got treatment from a hospital in the list below:
- Northwestern Medicine Delnor Community Hospital
- Northwestern Medicine Central DuPage Hospital
- Northwestern Medicine Huntley Hospital
- Northwestern Medicine Lake Forest Hospital
- Northwestern Medicine Kishwaukee Hospital
- Northwestern Memorial Hospital
- Northwestern Medicine McHenry Hospital
- Northwestern Medicine Valley West Hospital
- Northwestern Medicine Valley West Hospital
Although data theft was established, Elekta reported there is no misuse or exposure of any patient data.
Northwestern Memorial Healthcare stated that people who had their Social Security number compromised will receive free credit monitoring and identity theft protection services. Renown Health mentioned Elekta is offering free identity checks, fraud consultation, and identity theft restoration assistance.
There’s a total of 42 healthcare systems are considered to have been impacted by the breach. In several instances, impacted facilities had to temporarily stop cancer treatments and coordinate patient treatment at other healthcare facilities.
The breach also impacted the following:
- 8,000 patients of Cancer Centers of Southwest Oklahoma, OK
- 4,687 patients of Charles Health System, OR
- 200+ patients of Yale New Haven, CT
- Unknown patients of Carle Health, IL
- Unknown patients of of Lifespan, RI
- Unknown patients of Southcoast Health, MA