Alex - stock.adobe.com

Renown Health Falls Victim to Elekta Data Breach, PHI Exposed

Nevada-based Renown Health is the latest to announce that its patients’ PHI was accessed through an Elekta data breach that impacted over 40 other organizations.

Renown Health in Nevada announced that its patients’ protected health information (PHI) was exposed through an April data breach of its business associate, Elekta. Over 40 other health systems have been impacted by the cancer care software company’s breach.

The Elekta breach occurred on April 6th, and Renown Health was notified on April 26th. Officials confirmed that names, Social Security numbers, addresses, birthdates, medical diagnoses, appointment confirmations, and other PHI were exposed.

“We take this incident and the security of patient information seriously. Upon learning of this incident, Elekta launched an in-depth investigation of the incident by engaging a third-party forensic investigator, and took steps to prevent any further access to its systems. Elekta also promptly notified its customers, including us, of the incident,” explained Renown Health in a June 25th letter to patients.

“Immediately after we were notified of the incident, we began working with Elekta to better understand the nature and scope of the incident and coordinate our efforts to find alternate ways to continue treating patients.”

In addition, Elekta is offering free identity monitoring and fraud consultations to Renown Health patients. Other health systems impacted by the breach include Yale New Haven Health, Lifespan, Southcoast Health, and the Cancer Centers of Southwest Oklahoma.

Yale New Haven Health was forced to take its radiation equipment offline for more than a week and Lifespan canceled radiation oncology appointments for one afternoon. The forensics investigation is still ongoing, and the scope of the data breach is still unknown.

“We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care,” Elekta added in a statement on its website.

Next Steps

Dig Deeper on Healthcare data breaches