Elekta, Inc. faces a proposed class action over an April 2021 ransomware attack that reportedly compromised all of the personally identifiable patient information housed in its first-generation, cloud-based data storage system used by cancer healthcare providers.
Per the lawsuit, hackers gained entry to Elekta’s cloud-based radiology software between April 2 and 20, accessing patient names, dates of birth, Social Security numbers, health insurance information, medical record numbers and clinical details related to their cancer treatments. The 24-page suit alleges that many cancer patients across the country, as a result of Elekta being forced to take its software offline until certain security vulnerabilities could be identified and addressed, were unable to receive timely treatment or had delayed treatment.
The unauthorized third party responsible for the attack, after gaining access to Elekta’s digital environment, exfiltrated patient files and records from a number of Elektra customers, including Northwestern Memorial HealthCare, Renown Health, St. Charles Health System, Carle Health, Cancer Centers of Southwest Oklahoma, Lifespan, Southcoast Health and Yale New Haven Health, according to the complaint. The suit places blame for the ransomware attack on Elekta’s “inadequate data security” and allegedly negligent failure to comply with state, federal and industry data privacy standards.
“Ironically, while Elekta offers data analytic solutions to its clients, it failed to secure its own systems from cybercriminals,” the complaint, filed in Georgia on July 16, says. “In fact, Elekta engaged in a forensic investigation and on April 28, 2021 cautioned that ‘Elekta must conclude that all data within Elekta’s first-generation cloud system was compromised.’”
Elekta, the suit says, has “seized on the big data and artificial intelligence market to increase its revenues,” and tailors its oncology software to “capture and leverage patient data” to allow healthcare providers to pursue a more automated process in providing treatment. The case relays that Elekta, in capturing and storing patient data, attempts to analyze the information and improve clinical outcomes, productivity and ultimately increase the financial performance of the healthcare provider.
Despite the identified operational risk of patient data being a target for unauthorized parties, Elekta was nevertheless subject to a ransomware attack aimed at the data provided by its oncology and radiology clients, the case relays. In total, approximately 42 healthcare systems are believed to have been affected by the data breach “that happened on Elekta’s watch,” the suit says.
The plaintiff, a Dekalb, Illinois resident, states in the case that she received a notice, dated June 25, 2021, informing her that her personal information had been compromised in the cyberattack.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.