IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Hackers Target Data at Philadelphia Health-Care Systems

Hacking of patient info reported to the U.S. Department of Health and Human Services have soared 153 percent to 276 incidents this year compared with the same period in 2020, according to a federal database.

philadelphia
Philadelphia to launch Atlas, a free Web-based property information search tool to search information related to assessment value, 311 call history, zoning and other data.
Shutterstock
(TNS) — Jefferson Health says a cloud-based database with information on 1,769 patients treated at the Sidney Kimmel Cancer Center was breached in April during a national attack on a software vendor.

Hackers targeted software used for radiation treatment by oncologists.

Elekta Inc. informed Jefferson of the extent of the cyberattack on May 26 and Jefferson reported it to the federal government on Thursday, toward the end of a 60-day legal window for reporting such attacks. Jefferson also last week publicly disclosed the attack for the first time.

The FBI and other federal agencies warned health-care organizations last October that they could be heightened targets for cyber crimes.

Hacking incidents of patient information reported to the U.S. Department of Health and Human Services have soared 153% to 276 incidents so far this year compared with the same period in 2020, according to a federal database. Under federal rules, organizations report hacks only if they involve more than 500 people.

In early June, the database shows, Temple University Hospital reported a hacking incident that affected 16,356 people — without also making any general public announcement.

The health-care system declined on Monday to provide more information. "We are no longer doing business with the third-party vendor that was breached. We're not able to provide additional details as the investigation is still open," a spokesman said in an email.

"The bad guys are doing pretty well right now," said Leeza Garber, a lecturer on cyber crime at the Wharton School and an adjunct professor at Drexel.

"There is a huge trend in hacking and cyber crimes," said Lisa A. Lori, a lawyer at Klehr Harrison Harvey Branzburg LLP. "It's not just health care. It's every industry. Hackers are smart, and people may not be paying attention."

Hackers look to steal information or to hold for ransom organizations whose computer systems have been crippled. Earlier this year, a cyberattack crippled Colonial Pipeline and disrupted gas supplies on the East Coast. Colonial Pipeline paid the hacking group DarkSide $4.4 million to restore its computer systems. U.S. investigators later recovered some of the money.

Jefferson Health said that the April hack was limited and that the intruders did not penetrate its main computer system. The breach took place through Elekta Inc., a Swedish company. The company has not said whether the attack involved ransomware or was limited to attempted data theft.

Elekta, based in Stockholm, has posted a statement on its website about the hack saying that it had contacted cyber experts and law enforcement. "We recognize the impact this might have on customers and their patients," Elekta said. The company did not respond to an email.

According to media reports, the hack also hit the Yale New Haven Health System, Emory Healthcare in Atlanta, Southcoast Health in Massachusetts, and other health-care systems, all involving cancer data affiliated with Elekta.

Jefferson said that the stolen information may have included patient names, birth dates, medical record numbers, and clinical information related to treatment at Jefferson Health, such as physician name and treatment plan, diagnosis, or prescription information. For some patients, a Social Security number was also included.

Financial account, insurance and payment card information was not involved in the breach.

Jefferson Health is mailing letters to patients whose information may have been involved in this incident. Jefferson Health is also providing people whose Social Security number was involved with complimentary credit monitoring and identity theft protection services. Patients are encouraged to review statements from their health-care providers, and to contact them immediately if they see a listing for any services they did not receive.

Jefferson Health said that the health-care system was reevaluating its relationship with Elekta.

© 2021 The Philadelphia Inquirer. Distributed by Tribune Content Agency, LLC.
Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.