Impact of Elekta Ransomware Attack on Advocate Aurora Health, Jefferson Health, and Intermountain Healthcare Confirmed

Three more healthcare providers reported that they were affected by the latest ransomware attack on Elekta Inc, the Swedish radiation therapy and radiosurgery provider.

Elekta offers a web-based mobile software referred to as SmartClinic, which healthcare companies utilize to gain access to patient data for cancer treatments. Cybercriminals obtained access to Elekta’s systems from April 2, 2021 to April 20, 2021 copied the SmartClinic database prior to deploying ransomware and encrypting data records. The database comprised the personal data and protected health information (PHI) of patients connected with 42 healthcare systems in the U.S.A. Elekta informed impacted customers in May 2021.

Advocate Aurora Health has not long ago stated that 68,000 of its patients in 7 sites in Illinois were affected by the attack. The ransomware gang acquired the following types of PHI: names, addresses, height and weight measurements,, dates of birth, Social Security numbers, driver’s license numbers, diagnosis details, treatment data, and appointment confirmations.

Advocate Aurora Health stated there was no evidence found that suggests the misuse of information gotten from the attack, nonetheless free credit monitoring, fraud consultation, and identity theft restoration services were provided to impacted persons as a preventative measure. Advocate Aurora Health claimed it is working with Elekta to make certain that steps are undertaken to avert identical events down the road.

Jefferson Health based in Philadelphia, PA reported that the database included the PHI of cancer patients who had gone to Sidney Kimmel Cancer Center to get treatment. The compromised PHI were patient names, birth dates, doctor names, medical record numbers, department, date(s) of service, diagnosis and/or prescription data, and treatment programs. For a number of patients, a Social Security number was also breached. Patients are being advised through the mail and were given free credit monitoring and identity theft protection services. According to Jefferson Health, it is currently re-checking its connection with Elekta. Jefferson Health hasn’t yet stated how many patients were impacted.

Intermountain Healthcare located in Salt Lake City, UT mentioned patient names and scanned picture files were probably compromised. The photo files contained details including medical intake forms and medical pictures, which might have contained dates of birth, Social Security numbers, demographic details, insurance cards and other ID cards. Intermountain Healthcare is working with Elekta to carry out more safeguards, such as migrating its records to a new-generation Elekta cloud system. The 28,628 patients affected by the incident received complimentary credit monitoring services.

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.