“It’s stressful enough” to have cancer treatment, the patient said. And then “to have to deal with this.”
The patient’s treatment is expected to resume this week.
About 42 health care sites across the U.S. saw service disrupted as a result of the breach, a spokesman for Elekta said.
“We are doing everything we can to get impacted customers up and running,” Mattias Thorsson, Elekta’s vice president of corporate communications, said in an email. “We are working with each customer to find a solution that works for them to get them treating as soon as possible, which is already the case for some of them.”
Other hospitals mentioned in news reports as affected by the breach included Southcoast Health in Massachusetts, Lifespan Cancer Institute in Rhode Island, and Rhode Island Hospital.
The U.S. saw a spike in cyberattacks on health care providers in 2020.
Hospitals and health care systems are increasingly targets of hackers. Some hacks are aimed at stealing patient health information. Others are “ransomware” attacks, designed to inflict maximum fear as the hacker seizes control of the data or system in order to extort money. Elekta did not release details of this particular attack.
Some experts have said the coronavirus pandemic left health care systems easier targets because they are overwhelmed dealing with COVID-19.
Interpol, the international police organization, early in the pandemic said that its cybercrime unit had detected “a significant increase” in ransomware attacks targeting pandemic response institutions, adding that “cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.”
The hacking report Protenus Breach Barometer said healthcare hacking incidents rose 42% in 2020. Other services estimated the increase being from 25% to 55%.
Some of the cyberattacks could put patient care at risk, such as ones that target medical devices such as insulin pumps or pacemakers.
Elekta works with cloud-based systems, and it said that as a protection it took all its first-generation systems offline on April 22. Only some of its 170 customers nationwide were affected, Thorsson said. As part of its response to the breach, it has sped up a migration that was in process, transferring those customers to the Microsoft Azure cloud.
It is also working with cyber experts and law enforcement investigators including the FBI to understand what happened.
Caleb Barlow, CEO of the Texas-based cybersecurity consulting firm CynergisTek, in comments to the news organization MedTechDive, echoed that healthcare is being targeted in the pandemic. He added that there was also more opportunity for hacking because of the pandemic’s shift to remote care and communications.
“The bad guys know healthcare is very vulnerable,” Barlow said.
CANCER TREATMENT BREACH
Cybersecurity experts said healthcare data breaches had spiked during the pandemic, as hackers try to take advantage of a weak moment in the health system. Often they are trying to take control of data, or a crucial system, in order to demand ransom payment to give the control back. Elekta did not gives details about this hack. Here are some points:
Who: Elekta, based in Sweden with North American headquarters in Dunwoody, makes precision cancer radiation treatment systems. It uses cloud computer technology.
What: Some hospitals that use the systems reported the systems going offline. Elekta said it suffered a “data security incident.”
When: The incidents started last week, and Elekta took its first-generation systems offline April 22. It is working with hospitals to go back online this week. Yale New Haven is back online.