fbpx

Elekta Ransomware Attack and Breach of Cancer Patient Data Class Action

Elekta, Inc. keeps data for cancer healthcare providers in a cloud-based data storage. This data includes personally identifiable information (PII) and protected health information (PHI). This class action concerns a ransomware attack and data breach that allowed hackers access to Elekta’s cloud-based radiology software as well as to the information stored in Elekta’s systems. The complaint alleges that Elekta had inadequate data security and did not comply with data privacy protection standards.

The Nationwide Class for this action is all persons living in the US who had their PII or PHI hosted by Elekta compromised because of the data breach. An Illinois Class has also been defined for those living in Illnois.

Elekta is a Swedish company that describes itself on its website as “a global leader in radiotherapy solutions to fight cancer and neurological diseases.” Because it believes that the treatment of cancer is “complex and data driven,” it has gone into data and artificial intelligence to both aid in its treatments and increase its revenues.

The complaint says it stores but also analyzes data, to “improve clinical outcomes, productivity, and ultimately increased financial performance…” The company claims to protect the data it stores with what the complaint describes as “improved data security and AI along with multi-layer threat protection, better data organization leveraging modular infrastructure and disk encryption at rest.”

Even so, between April 2 and April 20, 2021, Elekta was subjected to a ransomware attack and data breach. Elekta took action in part by “immediately cut[ting] off the cyberattackers by temporarily taking its systems offline and cancelling or rescheduling radiation treatment appointments for cancer patients.”

In late May, the company told its healthcare clients that the PII and PHI of their patients had been exposed in the attack. The clients included forty-two healthcare systems, including Northwestern Memorial HealthCare, Renown Health, Cancer Centers of Southwest Oklahoma, Carle Health, Lifespan, Charles Health System, Yale New Haven Health, Emory Healthcare, and Southcoast Health. The information exposed included names, dates of birth, Social Security numbers, medical diagnoses and treatments, health insurance information, and so on.

Because Elekta took down its system as part of its response, the complaint alleges, “many cancer patients across the United States had their cancer treatment delayed or disrupted…”

The complaint alleges, “Elekta knew, or should have known, the importance of safeguarding the PII and PHI entrusted to it and of the foreseeable consequences if its data security were breached. Elekta failed, however, to take adequate cyber security measures to prevent the Data Breach from occurring.” This has exposed patients to fraud and identity theft, the complaint claims.

The complaint says the Federal Trade Commission (FTC) regards has brought enforcement actions against businesses who have failed to protect data. The complaint claims, “Elekta’s failure to employ reasonable and appropriate measures to protect against unauthorized access to consumer PII and PHI constitutes an unfair act or practice prohibited by … the FTC Act.”

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Elekta Ransomware Attack and Breach of Cancer Patient Data Complaint

July 16, 2021

Elekta, Inc. keeps data for cancer healthcare providers in a cloud-based data storage. This data includes personally identifiable information (PII) and protected health information (PHI). This class action concerns a ransomware attack and data breach that allowed hackers access to Elekta’s cloud-based radiology software as well as to the information stored in Elekta’s systems. The complaint alleges that Elekta had inadequate data security and did not comply with data privacy protection standards.

Elekta Ransomware Attack and Breach of Cancer Patient Data Complaint

Case Event History

Elekta Ransomware Attack and Breach of Cancer Patient Data Complaint

July 16, 2021

Elekta, Inc. keeps data for cancer healthcare providers in a cloud-based data storage. This data includes personally identifiable information (PII) and protected health information (PHI). This class action concerns a ransomware attack and data breach that allowed hackers access to Elekta’s cloud-based radiology software as well as to the information stored in Elekta’s systems. The complaint alleges that Elekta had inadequate data security and did not comply with data privacy protection standards.

Elekta Ransomware Attack and Breach of Cancer Patient Data Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Ransomware Attack, Your Privacy