(TNS) — Jefferson Health says a cloud-based database with information on 1,769 patients treated at the Sidney Kimmel Cancer Center was breached in April during a national attack on a software vendor.
Hackers targeted software used for radiation treatment by oncologists.
Elekta Inc. informed Jefferson of the extent of the cyberattack on May 26 and Jefferson reported it to the federal government on Thursday, toward the end of a 60-day legal window for reporting such attacks. Jefferson also last week publicly disclosed the attack for the first time.
The FBI and other federal agencies warned health-care organizations last October that they could be heightened targets for cyber crimes.
Hacking incidents of patient information reported to the U.S. Department of Health and Human Services have soared 153% to 276 incidents so far this year compared with the same period in 2020, according to a federal database. Under federal rules, organizations report hacks only if they involve more than 500 people.
In early June, the database shows, Temple University Hospital reported a hacking incident that affected 16,356 people — without also making any general public announcement.
The health-care system declined on Monday to provide more information. “We are no longer doing business with the third-party vendor that was breached. We’re not able to provide additional details as the investigation is still open,” a spokesman said in an email.
“The bad guys are doing pretty well right now,” said Leeza Garber, a lecturer on cyber crime at the Wharton School and an adjunct professor at Drexel.
“There is a huge trend in hacking and cyber crimes,” said Lisa A. Lori, a lawyer at Klehr Harrison Harvey Branzburg LLP. “It’s not just health care. It’s every industry. Hackers are smart, and people may not be paying attention.”
Hackers look to steal information or to hold for ransom organizations whose computer systems have been crippled. Earlier this year, a cyberattack crippled Colonial Pipeline and disrupted gas supplies on the East Coast. Colonial Pipeline paid the hacking group DarkSide $4.4 million to restore its computer systems. U.S….