July 19, 2021
Some Jefferson Health cancer patients had their personal information compromised as part of a cyberattack aimed at a vendor's data systems in April.
Jefferson Health learned on May 26 that its patients were affected by a data breach of Elekta, a Swedish medical systems company, the health system said in a notice to patients Monday.
About 42 health care systems across the U.S. were impacted by the cyberattack, the Atlanta Journal-Constitution reported in late April. Among those affected were Yale New Haven Health System in Connecticut and Emory Healthcare in Atlanta.
Elekta provides a cloud-based mobile application called SmartClinic, which allows providers to access patient information for cancer treatments. An unauthorized person gained access to the company's system and acquired a copy of the SmartClinic database, which Jefferson has used to store information for patients seen at its Sidney Kimmel Cancer Center.
Jefferson Health would not disclose how many patients were impacted by the data breach or why the health system was only notifying them nearly two months after officials first learned of the hack.
The data breach may have included patient names, dates of birth and medical information, Jefferson Health said. It also may have exposed clinical information related to treatment such as physician names and departments, service dates, treatment plans and diagnosis and prescription information. Some patients' Social Security numbers may have been included, too.
Financial account, insurance and payment card information were not involved, the health system said. The cyberattack also did not include access to Jefferson's systems, network, electronic health records or hospitals.
The health system has begun sending letters to people who may have been impacted by the data breach. Patients are encouraged to review statements from their health care provider and to reach out if they find any services they did not receive.
Jefferson Health is providing complimentary credit monitoring and identity theft protection services to those whose Social Security numbers may have been accessed.
The health system said it is reevaluating its relationship with Elekta in the wake of the cyberattack to prevent a future breach from occurring.
"Jefferson Health regrets this incident occurred and is committed to protecting the security and privacy of patient information," the health system said.
Patients with questions and concerns can contact Elekta's call center at (866) 281-0520 from 9 a.m. to 11 p.m. on weekdays and 11 a.m.to 8 p.m. on weekends.
Elekta did not respond to PhillyVoice for comment on the incident.