Cyber Incident Victim: Elekta

In April 2021, Swedish medical technology firm Elekta experienced a cybersecurity incident impacting its first-generation cloud-based storage system, which supported oncology and radiology equipment for US healthcare providers. The company publicly addressed the event on April 29, describing it as a "data security incident" that affected a subset of its US customers. Elekta initiated response measures immediately upon discovery, collaborating with cybersecurity experts and law enforcement agencies to investigate the breach, mitigate potential harm, and restore reliable service delivery for radiotherapy treatments. Reports from external sources indicated the incident involved ransomware, prompting Elekta to take its cloud storage system offline to contain the compromise. This operational disruption affected hospital systems relying on Elekta's technology, though the company maintained direct communication with impacted customers regarding the situation.

The incident caused significant treatment disruptions across multiple healthcare providers. Yale New Haven Health System in Connecticut was forced to take its radiation oncology equipment offline for over a week, requiring the diversion of cancer patients to alternative treatment facilities. Other organizations experienced varying levels of operational impact, with Lifespan Cancer Institute and Rhode Island Hospital reporting only a single afternoon of affected appointments. Independent assessments suggested at least 42 hospitals and clinics experienced service interruptions due to the breach. Elekta's response focused on restoring secure patient care capabilities while maintaining its radiotherapy treatment systems, though the company did not publicly disclose technical details about the attack vector or whether patient data was compromised. Service restoration timelines differed among affected facilities based on their operational contingencies and Elekta's remediation progress.