Northwestern Memorial HealthCare and Renown Health Affected by Elekta Cyberattack

A cyberattack on a business associate of Chicago, IL-based Northwestern Memorial HealthCare and Reno, NV-based has resulted in a range of data potentially being infiltrated. 

Stockholm-based Elekta, a provider of a software platform implemented for clinical radiotherapy treatment for cancer and brain disorders, was the first group to spot the data breach. Elekta made a public statement confirming its first-generation cloud-based storage solution was logged onto by unauthorized individuals, which affected a group of clients based in North America.

Elekta has been cooperating with law enforcement agencies and third-party cybersecurity specialists to find out precisely how the breach was allowed to take place and the nature and extent of the infiltration. Elekta began contacting impacted healthcare providers during April 2021.

Elekta’s review found that its systems were infiltrated at some point between April 2, 2021 and April 20, 2021. During that time period the hackers accessed and downloaded a copy of a database that included the data of oncology patients. The breach was restricted to Elekta’s databases . The systems of its healthcare provider clients were not in danger at any point in time.

Northwestern Memorial HealthCare revealed that the database held details of patient names, dates of birth, Social Security info, health insurance details, medical records, and clinical data linked to cancer treatment, such as medical histories, physician identity, appointment dates, treatment programmes, diagnoses, and/or prescription information.

Renown Health’s submitted breach reports says that the breach impacted 65,181 patients with the data involved incorporating names, Social Security cards, address information, birth dates, diagnoses, medical treatment data, appointments and other patient metrics such as height and weight.

Northwestern Memorial Healthcare revealed that the database contained the protected health information of 201,197 oncology patients who had been undergoing a course of treatment at one of the following hospitals:

  • Northwestern Medicine Central DuPage Hospital
  • Northwestern Medicine Delnor Community Hospital
  • Northwestern Medicine Huntley Hospital
  • Northwestern Medicine Kishwaukee Hospital
  • Northwestern Medicine Lake Forest Hospital
  • Northwestern Medicine McHenry Hospital
  • Northwestern Memorial Hospital
  • Northwestern Medicine Valley West Hospital
  • Northwestern Medicine Valley West Hospital

While data theft was uncovered, Elekta said there is nothing to suggest that any patient information has been or will be improperly used or shared publicly.

Northwestern Memorial Healthcare said anyone whose Social Security number was impacted will be provided with free credit monitoring and identity theft protection services. Renown Health said Eletka is supplying free identity monitoring, fraud consultation, and identity theft restoration services.

A number of clinics were forced to temporarily delay cancer procedures and arrange for patients to continue their treatment at alternative healthcare centers.

 

HIPAA Violation Penalties

Most Common HIPAA Violations Causes