Class Action Lawsuit Filed Against Elekta Due to Ransomware Attack and Data Breach

A previous patient of Northwestern Memorial HealthCare (NMHC) filed a lawsuit against Elekta Inc. regarding its ransomware attack and security breach last April 2021.

Many U.S. healthcare providers are business associates with Elekta, a Swedish firm offering radiation medical therapies and similar equipment data services. Threat actors targeted Elekta’s cloud-based platform that is utilized to keep and transmit healthcare information and had access to the system from April 2 to April 20, 2021. The breach was discovered when the hackers deployed the ransomware.

Elekta noted the attack as impacting a small percentage of its cloud clients in the United States, which include NMHC. The total oncology NMHC database was breached in the ransomware attack. The database kept the protected health information (PHI) of 201,197 cancer patients such as names, Social Security numbers, dates of birth, and healthcare records. Overall, the attack affected 170 of Elekta’s healthcare clients.

The lawsuit was submitted in the U. S. District Court for the Northern District of Georgia on behalf of Deborah Harrington and other individuals in the same way impacted by the attack. The lawsuit claims the disclosure of PHI can be prevented, with the data breach happening due to Elekta’s not being able to employ adequate cybersecurity policies and protocols. Therefore, attackers made it possible to obtain access to its platform and take the sensitive information of patients.

The lawsuit states Elekta was negligent and did not honor its responsibilities to sustain sufficient data security tools to minimize the chance of data breaches, sufficiently secure PHI on its systems, and correctly keep track of its data security systems for actual intrusions. It is additionally supposed that Elekta didn’t make sure agents, workers, and others with access to sensitive data used proper security procedures.

The lawsuit states Harrington and the class members have sustained damages and actual hurt because of the cyberattack and they presently face a greater threat of identity theft and fraud and need to take on extra security steps to secure themselves against damage.

The claimed harm experienced by Harrington and the class members consists of the impending risk of future identity theft, time and cash spent to offset the danger of identity theft, reduced value of personal information, and privacy breach.

The lawsuit is seeking damages, compensation of out-of-pocket costs, legal expenses, injunctive relief, and additional relief as thought proper by the courts.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at