Getty Images

MS Cancer Center Joins List Affected by Elekta Data Breach  

A Mississippi cancer center is alerting patients of a recent data breach that impacts protected health information.

The Cancer Center of Greenwood Leflore Hospital is reporting that some of its patients’ protected health information (PHI) is part of the larger Elekta data breach.  

The Mississippi healthcare organization announced July 17 that a recent data incident involving its business associate, Elekta, contained PHI belonging to Cancer Center of Greenwood (CCG) patients.  

“The following types of PHI belonging to the CCG patients residing in Mississippi or neighboring states may have been involved in the incident: full name, social security number, address, date of birth, height, weight, medical diagnosis, medical treatment details, appointment confirmations, and other information,” the CCG statement notes. “This information is considered PHI under the Health Insurance Portability and Accountability Act of 1996.  No financial account, credit card, or debit card information was involved in this incident.” 

The data breach, which occurred April 6, impacted “Elekta’s first-generation cloud-based storage system.”   

“Immediately upon learning of this incident, Elekta engaged a forensic investigator to launch an investigation to determine the nature and scope of the suspicious activity,” the statement notes. “The forensic investigation confirmed that there was access to protected health information (PHI) as a result of the incident.  Specifically, the forensic investigation determined that there was evidence that PHI of CCG patients was potentially encrypted.  However, the forensic investigation determined that there was no interactive access to the PHI and PHI belonging to CCG patients was not downloaded or transferred from the database.” 

“While the forensics investigation is still ongoing, out of an abundance of caution, Elekta concluded that all data within Elekta’s first-generation cloud system was compromised,” the CCG statement says. “The compromised system remains shut down to protect patient and customer information and to prevent any further access to Elekta’s system.” 

CCG is working with Elekta on the investigation and is “committed to providing quality care, including protecting its patients’ confidential information, and CCG wants to assure the public that it has policies and procedures in place to protect PHI,” it stated.  

Elekta’s April 2021 data breach impacted several US-based healthcare facilities, including Renown Health in Nevada, Yale New Haven Health, Lifespan, Southcoast Health, and the Cancer Centers of Southwest Oklahoma.    

“Elekta’s first-generation cloud-based storage system has experienced a data security incident,” Elekta said in a statement on its website. “A subset of customers in North America are affected.”  

Elekta is working with cyber experts and law enforcement during its investigation, the company statement reads.   

It launched the investigation to “understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments. We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care.” 

Elekta is providing free access to credit monitoring, fraud consultations and identity theft restoration services to all CCG patients impacted by the security breach.  

CCG patients with questions or concerns about the data breach can call the call center at 866-281-0520.  

Next Steps

Dig Deeper on Cybersecurity strategies