Another US healthcare provider, Jefferson Health operating medical centers across Philadelphia state in the US, has revealed that patient information was exposed as a result of the Elekta breach. Electa is its partner that provides storage of patient information related to cancer treatments at the Jefferson Health clinics.
In a statement, the health system noted that the names, dates of birth, and clinical information of about its patients were potentially accessed by unknown attackers. The information that was accessed included SSNs for a subset of patients, but no financial account, insurance, and payment card information was involved, it added.
The systems, network, and electronic health records of Jefferson Health were not affected by the breach, which occurred due to the use of Elekta’s platform.
“The incident was not targeted at Jefferson Health or its hospitals,” the provider said, adding that all affected patients will be informed about the incident and offered free credit monitoring.
Jefferson Health assured that it is “committed to protecting the security and privacy of patient information” and is “re-evaluating its relationship with Elekta.”
The breach occurred due to unauthorized access to Smart Clinic, which is a mobile app developed by Elekta that enables cancer treatment providers to access patient records.
Elekta confirmed in April this year that its devices had been the victim of a data security incident. At the time, it was unknown whether any data was compromised.
Elekta has launched an investigation to ensure that it has taken the necessary steps to minimize any possible harm. The company noted that it would continue to work with its customers to deliver the best possible solutions for their cancer treatments.
“We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care,” the organization added.
Jefferson Health is the latest healthcare provider to disclose a breach related to Elekta. Previously, the information of patients of Northwestern Memorial HealthCare (NMHC) was exposed after the organization used Smart Clinic to perform cancer reporting.
Two other healthcare companies, Aurora Health and Intermountain Healthcare, said that their systems were breached by hackers who stole the personal data of about 78,000 patients due to a flaw in Electa.