Yale New Haven Health (YNHH) disclosed a data breach that affected its health system’s radiation machines, preventing around 200 cancer patients from getting treatments, reported News 8 WTNH. A report by Fox 61 said that a cancer software security breach is the culprit.
The cyber incident was caused by an attack on one of the third-party vendors used by YNHH to provide its services. According to Fox 61, the attackers targeted cancer care software company Elekta. The company offers software that runs linear accelerators needed to treat cancer patients with radiation.
However, YNHH EVP and Chief Clinical Officer Tom Balcezak said, “The belief is that no individual’s information has been compromised.”
Elekta suffered a series of cyberattacks which caused YNHH to take its radiation machines offline. The vendor also removed access to its Cloud data storage to avoid data leaks. The information stored in the Cloud is essential to the operation of the radiation machines.
YNHH CEO Marna Borgstrom explained, “We do not have the ability to operate the machines because the information that is programmed into those machines is up in the cloud.”
The attack affected a subset of the company’s US-based clients. Elekta took its Cloud storage offline on April 20.
The facility has notified all of its patients of the incident. Its doctors are also working with patients to provide individual care, according to News 8 WTMH.
The facility has been moving some of its severely sick patients to other hospitals due to its inability to provide treatments because of the cyberattack.
One patient, who has late-stage breast cancer, has not been able to receive their treatment for almost a week, which can be detrimental because the treatment requires consistency and frequency of the radiation to be more effective. Skipping days means that “the effectiveness of [the] treatment is diminished,” the patient’s family explained.
Vin Petrini of the hospital’s Public Affairs mentioned that the attack is currently being evaluated. Yale’s health care system is also working with Elekta to address the breach. The facility and the software it uses are expected to be fully functional by Monday.
Yale’s New Have health facility is not the only one affected by the Elekta breach. Around 170 health systems suffered from the incident which could cause disruptions in treatments among others.
Elekta reportedly removed access to software information to avoid impacts on other facilities, said Borgstrom.