25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Radiation Treatments Disrupted After Cyberattack on Software Vendor

Posted By on Apr 24, 2021

The Swedish oncology and radiology system provider Elekta is recovering from a cyberattack that forced it to take its first-generation cloud-based storage system offline on April 20, 2021. While the company has confirmed it has suffered a security breach, details about the exact nature of the attack have yet to be released. It is unclear what type of malware was used in the attack, but ransomware is suspected. The cloud-based storage system was taken offline to contain the threat.

Elekta said only a subset of customers in the United States that use its software have been affected and are experiencing a service outage as a result of the cloud-based systems being taken offline. Elekta is in the process of migrating those customers to its new Microsoft Azure cloud and the company is working around the clock to complete that process. All affected customers have been notified; however, few details about the incident have been made public so as not to compromise the internal and law enforcement investigations, but Elekta reports that the threat has now been fully contained.

Connecticut-based Yale New Haven Health is one of the U.S. healthcare providers to be affected by the incident. The cyberattack on Elekta forced Yale New Haven Health to take its radiation equipment offline until the issues are resolved. The software is used on linear accelerators for radiation treatments. Systems have been offline for more than a week and some cancer patients have been transferred to other healthcare providers to continue their treatments.

Other healthcare providers known to have been affected include Southcoast Health in Massachusetts and Lifespan Corp. Lifespan, which oversees the Lifespan Cancer Institute and Rhode Island Hospital, has confirmed that only one afternoon of appointments was missed at its radiation oncology sites, and they were quickly rescheduled for the next day. There have been no further postponements or delays to treatments.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Elekta issued a statement saying no evidence has been found to indicate any data were extracted or copied. Elekta said around 170 customers in the United States that use its first-generation cloud system have experienced service disruptions to one or more of their products.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist