The health records of nearly 5,000 St. Charles Health System cancer patients may have been exposed during a data breach that affected 42 health systems in the United States.
Every patient or patient’s family has been notified of the April 26 data breach, said Bruce Anders, St. Charles Health System vice president of legal affairs, in an email to The Bulletin. A forensic investigation shows that none of the patients’ information has been disclosed publicly or used fraudulently, according to a legal notice in The Bulletin.
In addition, no credit card or debit card information was involved in the security breach, according to the legal notice.
As soon as the Swedish software firm, Elekta, which provides cancer registry software and data management, was alerted to the data breach, it contacted the Federal Bureau of Investigation, Raven Canzeri, Elekta medial relations global director, said in an email.
Affected patients were notified by mail on Monday, June 14, that the breach entailed names, addresses, Social Security numbers, dates of birth, weight and height and medical diagnosis, according to a public legal notice. “We have shared information about the event with St. Charles,” Canzeri said in an email. “We have migrated our cloud-based applications to Elekta’s Axis Cloud, which was not impacted by the incident and operates on the Microsoft Azure environment, which employs the latest and most stringent cloud and security technologies available.”
Since the breach, Elekta has implemented additional security enhancements to prevent future incidents, Canzeri said. According to Elekta’s website, the breach affected the company’s North American customers. Patients or their family members have been given directions on how to obtain free access to identity monitoring, fraud consultation and identity theft restoration, Anders said.
“The security and privacy of our patient information is something we take extremely seriously, so we use robust digital systems to screen our vendors for security protocols and tools to monitor compliance,” Anders said in an email. “We are in a constant state of process improvement and are currently evaluating even better screening and monitoring software.”