McLaren Health Care and Greenwood Leflore Hospital Impacted by Elekta Ransomware Attack

McLaren Health Care Corporation (MHCC), the operator of 15 hospitals and over 100 primary care locations in Michigan and Ohio, has announced the protected health information of 64,600 of its cancer patients may have been compromised in a ransomware attack on vendor Elekta Inc.

Elekta provides software and technology services to MHCC facilities in Macomb, Northern Michigan, Gaylord, Cheboygan, West Branch, Lapeer, Central and Bay City, which includes data storage.

Between April 2 and April 20, 2021, Hackers had access to Elekta’s systems, exfiltrated data, then deployed ransomware to encrypt files. A ransom demand was issued, payment of which was required to decrypt data and prevent the exposure of data stolen in the attack. Elekta notified MHCC about the breach on May 17, 2021.

While patient data was affected, Elekta said it has no reason to believe that any of the stolen information will be further disclosed or published online. However, as a precaution against identity theft and fraud, complimentary identity theft protection and credit monitoring services are being offered to affected individuals.

The types of data potentially compromised in the attack included full names, Social Security numbers, addresses, dates of birth, height & weight measurements, medical diagnoses, medical treatment details, appointment confirmations, and other information MHCC collected to provide health care services.

Patients of The Cancer Center at Greenwood Leflore Hospital (CCGLH) in Mississippi have also been notified about the ransomware attack as a precautionary measure to prevent identity theft and fraud.

CCGLH was also notified by Elekta on May 17 about the ransomware attack and was told that patient data had been encrypted; however, Elekta’s forensic investigation determined there was no interactive access to the PHI and the PHI of CCGLH patients was not downloaded or transferred from the database. However, it was not possible to totally rule out the possibility of unauthorized data access and PHI theft.

The same types of information were impacted as MHCC and complimentary access to identity monitoring, fraud consultation, and identity theft restoration services is also being provided to CCGLH patients. It is currently unclear exactly how many CCGLH patients have been affected.