Dozens of US hospitals have reportedly been affected in a supply-chain attack at a provider of medical equipment for cancer treatment.
The attack took place last week, when threat actors compromised Elekta’s first-generation cloud-based storage system. The company confirmed in an update this week that “a data security incident” happened.
Elekta is a Swedish oncology and radiology system provider offering clinical management for the treatment of cancer and brain disorders.
Upon learning about this incident, Elekta involved “leading cyber experts” and law enforcement to help investigate what happened and mitigate “any possible harm.”
The company promised in a statement to soon “offer [its] customers a reliable solution that delivers on [its] commitment to ensure that cancer patients have access to precise and personalized radiotherapy treatments.”
“We recognize the impact this might have on customers and their patients and are working tirelessly to enable customers to continue providing secure patient care.”
According to the company, only a subset of US customers had been affected, and all such customers had been advised about the situation.
Some reports suggest a ransomware attack happened early on April 6 and forced two healthcare providers to take their systems offline in order to contain the breach. A spokesperson told HealthITSecurity that Elekta’s security team identified that two customer systems had been affected by the incident. Local media, meanwhile, said the attack impacted Lifespan hospital in Rhode Island and Southcoast Health hospital in Massachusetts.
HIPAA Journal claimed that Connecticut-based Yale New Haven Health had to take its radiation equipment offline for over a week and transfer its cancer patients to other providers.
A separate report claimed 42 healthcare organizations had been affected by the attack.
It is unknown at this point who the attacker was and how the breach happened. The investigation is currently underway.