Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Affected by Elekta Ransomware Attack

Three more healthcare providers have announced they have been affected by the recent ransomware attack on the Swedish radiation therapy and radiosurgery solution provider Elekta Inc.

Elekta provides a cloud-based mobile application called SmartClinic, which is used by healthcare providers to access patient information for cancer treatments. Cybercriminals gained access to Elekta’s systems between April 2, 2021 and April 20, 2021 exfiltrated the SmartClinic database prior to deploying ransomware and encrypting files. The database contained the personal and protected health information (PHI) of patients of 42 healthcare systems in the United States. Elekta notified affected customers in May 2021.

Advocate Aurora Health has recently announced that 68,000 of its patients across 7 sites in Illinois have been affected by the attack. The following types of PHI were acquired by the ransomware gang: names, addresses, dates of birth, height and weight measurements, Social Security numbers, driver’s license numbers, diagnosis information, treatment information, and appointment confirmations.

Advocate Aurora Health said no evidence has been found to suggest information obtained in the attack has been misused, but complimentary credit monitoring, fraud consultation, and identity theft restoration services have been offered to affected individuals as a precaution. Advocate Aurora Health said it has been working with Elekta to ensure steps are taken to prevent similar events in the future.

Philadelphia, PA-based Jefferson Health said the database contained the PHI of cancer patients who received treatment at its Sidney Kimmel Cancer Center. Patient names, dates of birth, medical record numbers, physician names, department, date(s) of service, treatment plans, diagnosis and/or prescription information were compromised. For some patients, a Social Security number was also included in the database. Patients are being notified by mail and have been offered complimentary credit monitoring and identity theft protection services. Jefferson Health said it is now re-evaluating its relationship with Elekta. Jefferson Health has not yet disclosed how many patients were affected.

Intermountain Healthcare in Salt Lake City, UT said patient names and scanned image files were potentially compromised. The image files included data such as medical intake forms and medical images, which may have included dates of birth, demographic information, insurance cards, other identification cards, and Social Security numbers. Intermountain Healthcare has been working with Elekta to implement additional safeguards, including migrating its data to a new-generation Elekta cloud system. The 28,628 affected patients have been offered complimentary credit monitoring services.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.