Security incident at Elekta could have exposed the records of even more US citizens


Another US healthcare provider has announced that patient information may have been exposed as a result of the third-party Elekta breach.

Jefferson Health, which has medical centers across Philadelphia, said that patients’ names, dates of birth, medical record numbers, and clinical information related to treatment – such as physician name and department, treatment plans, and diagnosis and/or prescription information – had potentially been accessed.

For some patients, a Social Security number was also included, the healthcare provider said in a statement. Financial account, insurance, and payment card information was not involved, it added.


Jefferson Health’s systems, network, and electronic health records were not accessed, because the breach occurred on Elekta’s systems, which held a database for cancer patients seen at Sidney Kimmel Cancer Center, one of Jefferson Health’s 14 hospitals. “The incident was not targeted at Jefferson Health or its hospitals,” the provider added.

Patients affected by the incident will be informed by post and offered free credit monitoring services.

Jefferson Health said it regrets that the incident occurred and is “committed to protecting the security and privacy of patient information”, adding that it is “re-evaluating its relationship with Elekta”.

Third-party peril

The breach arose from unauthorized access to third-party software Smart Clinic, a cloud-based mobile app which allows clinic providers to access patient information related to cancer treatments.

Smart Clinic is manufactured by Elekta, which confirmed in April this year that it had been the victim of a “data security incident”.

Elekta said it has launched an investigation to “understand what happened, mitigate any possible harm, and offer our customers a reliable solution that delivers on our commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments.

“We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care,” the organization added.

Multiple victims

Jefferson Health is the latest of several healthcare providers to disclose a breach related to the Elekta incident.

The private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers, for instance, was exposed after the center used Smart Clinic to conduct legally required cancer reporting to the State of Illinois.


Advocate Aurora Health, based in Milwaukee, Wisconsin, reported that the personal data of 68,000 patients was breached in May as a result of the Elekta hack, while Intermountain Healthcare in Salt Lake City, Utah said the names and scanned image files of 29,000 patients were potentially compromised.

The Daily Swig has reached out to Jefferson Health for comment and we will update this article accordingly should we hear back.

