The Cancer Centers of Southwest Oklahoma announced on Thursday a data security incident that involved business associate, Elekta, Inc. and some patient information.
According to a release from Cancer Centers of Southwest Oklahoma, which services communities including Altus, Lawton, Duncan and Chickasha, the incident included “Elekta’s first-generation cloud-based storage system” which “experienced a data security incident.”
“Immediately upon learning of this incident, Elekta engaged a forensic investigator to launch an investigation to determine the nature and scope of the suspicious activity,” a release states.
On April 28, 2021, the forensic investigation “confirmed that there was access to patient health information as a result of the incident.” According to Cancer Centers of Southwest Oklahoma, that information included patient names, social security numbers, addresses, dates of birth, heights and weights, medical diagnosis, medical treatment details and appointment confirmation. However, no “financial account or credit or debit card information was involved in this incident and there is no evidence that any information was disclosed publicly or misused for a fraudulent purpose as a result of this incident,” Cancer Centers of Southwest Oklahoma stated in the initial release.
“While the forensics investigation is still ongoing, out of an abundance of caution, Elekta must conclude that all data within Elekta’s first-generation cloud system was compromised, including the data for patients of Cancer Centers of Southwest Oklahoma, LLC,” states a release. “The compromised system remains shut down to protect patient and customer information and to prevent any further access to Elekta’s system. While the analysis is still ongoing, we will send letters to patients whose information was contained within Elekta’s potentially compromised cloud system.”
Lane Hooten, Chief Operations Officer with Cancer Centers of Southwest Oklahoma, said they take the incident and the security of patient information “seriously.”
“Immediately after we were notified of the incident, we began working with Elekta to better understand the nature and scope of the incident and coordinate our efforts to find alternate ways to continue treating patients,” Hooten said. “We will continue working with Elekta to ensure our patients continue to receive treatment, further secure patient information and notify regulatory authorities as required. While we have no indication at this time that any patient information has been missed, as an added precaution Elekta is offering complimentary access to identity monitoring, fraud consultation and identity theft restoration services.”
Instructions for these services will be included in letters to affected patients.
For more information, call 580-250-5124 between 8 a.m. to 5 p.m. Monday through Friday or email to firstname.lastname@example.org.