Cancer Patients Diverted After Cyber-Attack on MedTech Firm
Scores of US hospitals are thought to have been affected after a security breach at a specialist provider of equipment for cancer treatments last week.
Swedish oncology and radiology system provider Elekta explained in a company update this week that a “data security incident” had affected its first-generation cloud-based storage system.
“Immediately upon learning of this incident, Elekta partnered with leading cyber experts and law enforcement to launch an investigation to understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments,” the statement continued.
“We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care.”
It said only a subset of US customers were affected and that they had been fully briefed about the situation.
However, reports suggest it was a ransomware attack that forced the firm to take its cloud storage system offline, in order to contain the breach.
HIPAA Journal claimed that one customer, Connecticut-based Yale New Haven Health, was forced to take its radiation equipment offline for over a week, with cancer patients transferred to other providers.
Other Elekta customers were luckier. Lifespan, which runs the Lifespan Cancer Institute and Rhode Island Hospital, reportedly claimed the incident only affected one afternoon of appointments.
A separate report claimed 42 hospitals and clinics were affected by the breach.
Saryu Nayyar, CEO of Gurucul, argued that organizations are only as secure as the weakest link in their supply chain.
“Malicious actors will look for any way in and will always take the easiest path. The best defense is a proactive offense,” she added.
“If your third-party vendors can’t maintain adequate security protocols then you will have to put in place proactive measures such as behavior-based security analytics, which can detect these sorts of unknown threats in real-time. Saving lives is of utmost priority.”