GREENWOOD, Miss. -- An unknown number of current and former patients at a Greenwood hospital’s cancer treatment center may have had their medical history and personal data compromised in a data breach of a technology vendor.
Letters starting going out Friday from Elekta Inc. to those who may have been impacted by the April cyberattack. The Cancer Center of Greenwood Leflore Hospital, which provides radiation treatment to cancer patients, was one of 42 health systems across the U.S. affected by the breach.
Elekta is a Swedish software firm that provides cancer registry software and data management services. It discovered that its cloud-based storage system had been accessed by unauthorized individuals between April 2 and April 20. The company initially believed that protected health information of individual patients had not been compromised, but a third-party forensic investigation later concluded that a copy of a patient database had been acquired in the breach.
According to a statement released Monday by Greenwood Leflore Hospital, the following types of patient information may have been involved in the hacking: full name, Social Security number, address, date of birth, height, weight, medical diagnosis, medical treatment details and appointment confirmations. The statement said no financial information, including credit or debit card data, was obtained in the hacking.
Elekta notified the FBI and shut down the affected cloud-based storage system following the breach. The Cancer Center has been storing its data since then on the hospital’s own internal servers, according to Key Britt, vice president of administrative services at Greenwood Leflore Hospital. She said no other hospital departments or clinics were impacted by the breach.
At least a month ago, Elekta began notifying some of the hundreds of thousands of cancer patients, or their families if the patients are deceased, who might have been impacted in other parts of the country. Britt was uncertain why letters to the Greenwood hospital’s cancer patients only began going out last week.
“They did not know for sure if anything had been breached,” she said of Elekta. “They immediately turned it over to the authorities to investigate. It took them that long to know what if anything had been breached.”
Raven Canzeri, global director of media relations for Elekta, declined Monday to explain why the notifications had not been sent earlier or how many patients of The Cancer Center were impacted by the breach, citing “confidentiality requirements.”
According to the hospital’s statement, Elekta is offering complimentary access to identity-monitoring, fraud-consultation and identity-theft-restoration services to potentially impacted patients.
Patients of The Cancer Center who wish to receive these services or have questions about the breach can contact Britt at email@example.com or 662-459-2627.
The Cancer Center “is committed to providing quality care, including protecting its patients’ confidential information,” the hospital’s statement said, and it “wants to assure the public that it has policies and procedures in place to protect” that information.
- Contact Tim Kalich at 581-7243 or firstname.lastname@example.org.