Cyber Incident Victim: Proton Therapy Center
Date:
Oct 2020
Location:
United States of America
Summary
A Tennessee-based proton therapy provider experienced a cybersecurity incident affecting operations in multiple locations, leading to temporary disruptions in clinical and financial systems. The organization implemented extensive security protocols and worked with external partners to restore IT functionality while relying on offline backup processes to maintain continuity. Although the breach caused operational challenges, patient care delivery remained unaffected and there was no evidence of unauthorized access or misuse of patient or employee data during the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2020, Proton Therapy Center, LLC (PCPT) in Knoxville and MTPC, LLC (MTPC) in Nashville experienced an information technology security incident during early morning hours. Both facilities, which provide cancer treatment through proton radiation therapy and were financed through municipal bonds, immediately initiated response protocols following the breach. The incident caused operational disruptions affecting clinical and financial systems, though the centers maintained patient care delivery through established contingency measures. By December 2, 2020, the organizations disclosed these disruptions in a bond filing, characterizing them as temporary but ongoing. Neither entity specified the attack vector or duration of system compromise in public reports.
The centers implemented extensive IT security protocols and collaborated with external security partners to restore operations, prioritizing system recovery while maintaining offline documentation methods as temporary workarounds. Clinical operations continued without interruption to patient treatments, with no evidence suggesting compromised safety standards during the incident response period. Financial operations experienced more significant disruptions, though the filing did not detail specific impacted processes. Investigations found no evidence that patient or employee data was accessed, copied, or misused. Both facilities maintained their backup processes throughout the recovery period, which extended beyond the initial disclosure date. The bond filing served as the primary public notification mechanism regarding the incident's operational impacts.