Recent Cyberattack Disrupted Cancer Care Throughout US

Nick Mulcahy

July 19, 2021

Cyberhacking of healthcare organizations is on the increase, and a recent cyberattack affected oncology care across the United States when hackers disrupted the software for machines that deliver radiotherapy to patients with cancer.

Cases of cyberhacking of healthcare organizations increased by 42% in 2020 from 2019, according to a report from the tech consulting firm Protenus, which issues an annual Breach Barometer report on the subject.

There were 470 hacks in 2020 vs 330 in 2019.

Experts believe this increase could be the result of the stress — and related vulnerability — from COVID-19, according to a story in MedTechDive, a trade publication.

The cyberattack that specifically disrupted oncology care took place a few months ago. Hackers targeted the software for linear accelerators used in radiation therapy.

Elekta, the Swedish supplier of the software, said that their clould-based data storage system experienced a "data security incident" in early- and mid-April. The company will not say whether or not the attack involved ransomware or was limited to attempted data theft.

"The incident is no longer ongoing," said Elekta's US spokesperson Raven Canzeri in an email to Medscape Medical News.

At the time, however, Elekta cut off access to the data storage, which led to disruptions of radiation therapy sessions at 42 healthcare sites in the United States, according to a report in the Atlanta Journal Constitution.

Elekta has 170 customers in the US, including multisite systems, that use the cloud-based data storage.

"We do not have the ability to operate the [radiation therapy] machines because the information that is programmed into those machines is up in the cloud," explained Marna Borgstrom, MPH, chief executive officer, Yale New Haven Health, New Haven, Connecticut, in a local news report at the time. The center suspended radiation treatment for 1 week.

All sites have resumed treatment, said Canzeri.

Sensitive patient information such as names, social security numbers, dates of birth, and diagnosis and treatment information was potentially exposed in the hack. However, no financial information was involved.

Cancer Centers of Southwest Oklahoma and Northwestern Memorial HealthCare (NMHC), a multihospital system in Illinois, both said they were told of those information vulnerabilities by Elekta in private communications.

The hack also affected Emory St. Joseph's Hospital in Georgia. Some of its radiation therapy patients had to be moved to other hospitals, and one patient expressed frustration and anxiety about the disruption, in a local news report. "It's stressful enough" to have cancer treatment without having also to "deal with this."  

Elekta acknowledged that difficulty in its statement, emphasizing that the company "is committed to advancing patient care and outcomes and understands that any delay in scheduled radiation therapy adds to patients' treatment burden."

NMHC said that their data attack involved approximately 200,000 patients. However, the hack did not involve access to any of the NMHC electronic health records, but was restricted to Elekta's systems, they emphasized in a statement. The multihospital system said it was encouraging its oncology patients "to review statements from their health insurer or healthcare provider, and to contact them immediately if they see any services they did not receive."

The Weakest Link

Securing an institution or company against hacks requires multifaceted strategies, but includes relatively simple measures like training staff to recognize common ploys, suggested a physician expert in 2019.

"The weakest link is still the healthcare employee duped by a 'phishing attack,' " Nabile M. Safdar, MD, MPH, associate chief medical information officer and vice chair of informatics at Emory University in Atlanta, told Medscape Medical News at the time.

In that same report, James Whitfill, MD, chief medical officer, Innovation Care Partners, Scottsdale, Arizona, said that "for now, it's the data that is being held for ransom," but that may evolve and become even more dramatic and dangerous.

Whitfill explained that numerous devices attached to or implanted in patients are potentially hackable. "In the future, people may be held for ransom," he warned.

Nick Mulcahy is an award-winning senior journalist for Medscape, focusing on oncology, and can be reached at  and on Twitter:  @MulcahyNick

For more from Medscape Oncology, join us on Twitter and Facebook


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.