07/17/2021
GREENWOOD – July 17, 2021 – There was a recent data security incident that involved The Cancer Center at Greenwood Leflore Hospital’s (CCGLH) business associate, Elekta, Inc. (Elekta). Elekta is a company that provides technology services, including data storage, to CCGLH. On or about April 6, 2021, Elekta’s first-generation cloud-based storage system experienced a data security incident. Immediately upon learning of this incident, Elekta engaged a forensic investigator to launch an investigation to determine the nature and scope of the suspicious activity. The forensic investigation confirmed that there was access to protected health information (PHI) as a result of the incident. Specifically, the forensic investigation determined that there was evidence that PHI of CCGLH patients was potentially encrypted. However, the forensic investigation determined that there was no interactive access to the PHI and PHI belonging to CCGLH patients was not downloaded or transferred from the database. While the forensics investigation is still ongoing, out of an abundance of caution, Elekta concluded that all data within Elekta’s first-generation cloud system was compromised. The compromised system remains shut down to protect patient and customer information and to prevent any further access to Elekta’s system.
Elekta confirmed to CCGLH on May 17, 2021 that there was access to PHI in the Elekta database. The following types of PHI belonging to the CCGLH patients residing in Mississippi or neighboring states may have been involved in the incident: full name, social security number, address, date of birth, height, weight, medical diagnosis, medical treatment details, appointment confirmations, and other information. This information is considered PHI under the Health Insurance Portability and Accountability Act of 1996. No financial account, credit card, or debit card information was involved in this incident.
CCGLH is committed to providing quality care, including protecting its patients’ confidential information, and CCGLH wants to assure the public that it has policies and procedures in place to protect PHI. Again, upon learning of this incident, Elekta launched an in-depth investigation of the incident by engaging a third-party forensic investigator, and took steps to prevent any further access to its systems. Elekta also notified its customers, including CCGLH, of the incident. Immediately after CCGLH was notified of the incident, CCGLH began working with Elekta to better understand the nature and scope of the incident and coordinate efforts to find alternate ways to continue treating patients. CCGLH is notifying its patients of Elekta’s security incident and is advising its patients how they may protect themselves from identity theft. CCGLH is also notifying appropriate regulatory authorities regarding Elekta’s security incident.
As an added precaution, Elekta is also offering complimentary access to identity monitoring, fraud consultation, and identity theft restoration services to CCGLH’s patients who may have been affected by this security incident.
If you have questions, please call (866) 281-0520 and identify yourself as a patient of The Cancer Center at Greenwood Leflore Hospital.