Radiation Treatments Disrupted After Cyberattack on Software Vendor

The Swedish oncology and radiology system provider Elekta is recovering from a cyberattack that forced it to take its first-generation cloud-based storage system offline on April 20, 2021. While the company has confirmed it has suffered a security breach, details about the exact nature of the attack have yet to be released. It is unclear what type of malware was used in the attack, but ransomware is suspected. The cloud-based storage system was taken offline to contain the threat.

Elekta said only a subset of customers in the United States that use its software have been affected and are experiencing a service outage as a result of the cloud-based systems being taken offline. Elekta is in the process of migrating those customers to its new Microsoft Azure cloud and the company is working around the clock to complete that process. All affected customers have been notified; however, few details about the incident have been made public so as not to compromise the internal and law enforcement investigations, but Elekta reports that the threat has now been fully contained.

Connecticut-based Yale New Haven Health is one of the U.S. healthcare providers to be affected by the incident. The cyberattack on Elekta forced Yale New Haven Health to take its radiation equipment offline until the issues are resolved. The software is used on linear accelerators for radiation treatments. Systems have been offline for more than a week and some cancer patients have been transferred to other healthcare providers to continue their treatments.

Other healthcare providers known to have been affected include Southcoast Health in Massachusetts and Lifespan Corp. Lifespan, which oversees the Lifespan Cancer Institute and Rhode Island Hospital, has confirmed that only one afternoon of appointments was missed at its radiation oncology sites, and they were quickly rescheduled for the next day. There have been no further postponements or delays to treatments.

Please see the HIPAA Journal Privacy Policy

Elekta issued a statement saying no evidence has been found to indicate any data were extracted or copied. Elekta said around 170 customers in the United States that use its first-generation cloud system have experienced service disruptions to one or more of their products.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.