Radiation Treatments Postponed Due to Software Vendor Cyberattack

Elekta, a Swedish provider of oncology and radiology system, is recovering from a cyberattack that shoved it to take offline its first-generation web-based storage platform on April 20, 2021. Even though the firm has reported the security breach, there’s still no fine detail regarding the precise nature of the cyberattack. It is unclear what type of malware the attackers used, but it is believed to be ransomware. The company took the online storage system offline to better manage the problem.

Elekta explained only a percentage of U.S. customers that use its software system was affected and cannot access the service due to the fact that the online storage system is down. Elekta is trying to move every one of those customers to the new Microsoft Azure cloud, working around the clock just to complete that process. All affected customers got the breach notification; however, several pieces of information about the incident were publicized so as not to compromise the business and law enforcement investigations. Elekta states that the issue was already fully resolved.

Yale New Haven Health established in Connecticut is a U.S. healthcare business that was affected by the Elekta cyberattack. Yale New Haven Health decided to take its radiation devices offline until all the issues are resolved. The linear accelerators for radiation therapies use the software program. Systems were inaccessible online for more than a week and many cancer patients had to go to other healthcare providers to continue their radiation therapies.

Other healthcare organizations known to have been affected by the breach include Lifespan Corp and Southcoast Health based in Massachusetts. According to Lifespan, which oversees the operations of Rhode Island Hospital and the Lifespan Cancer Institute, its radiation oncology centers only skipped one afternoon of consultation services. The canceled services were quickly re-scheduled for the next day. No other treatment was canceled or delayed.

Elekta made an announcement stating that the investigators did not find any evidence that indicates the removal or copying of any information. Elekta reported that around 170 U.S. customers using its first-generation web system experienced service interruptions on at least one product.

About Christine Garcia 1304 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA