Elekta Cyberattack Took Some Us Cancer Radiation Services Offline

By   ISBuzz Team
Writer , Information Security Buzz | Apr 30, 2021 10:51 am PST


Elekta, a Swedish service provider of advanced radiation treatment software, has confirmed a security breach of their software for linear accelerators used in radiation therapy. The breach is reported to have resulted in service outages 42 US hospitals and care centers. A cybersecurity expert with Byos offers comments in response.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
April 30, 2021 6:54 pm

<p>Here again we see the healthcare market being targeted by cybercriminals. In this case it\’s a supply chain attack via a third party application, Elekta. It\’s so devastating when people\’s lives and medical treatments are at risk due to ineffective or outdated cybersecurity measures.</p> <p> </p> <p>As always, organizations are only as secure as the weakest link in their supply chain. Malicious actors will look for any way in and will always take the easiest path. The best defense is a proactive offense. If your third party vendors can’t maintain adequate security protocols then you will have to put in place proactive measures such as behavior-based security analytics which can detect these sorts of unknown threats in real-time. Saving lives is of utmost priority.</p>

Last edited 2 years ago by Saryu Nayyar
Matias Katz
Matias Katz , CEO
April 30, 2021 6:53 pm

<p>This attack demonstrates the need to rethink how medical equipment and devices can be secured online using zero trust principles. Healthcare Delivery Organizations rely on a universe of OEMs and 3rd party integrators to manage, patch, update, monitor and troubleshoot some of the most critical and sensitive software, medical equipment and devices.</p> <p> </p> <p>Flat networks, or networks with minimal segmentation will continue to experience these kinds of widespread-impact incidents. Undergoing a full zero trust implementation can take time, but a simple and achievable first step would be to apply the principles of \"micro-segmentation\" to minimize the risk of lateral movement and mitigate the impact of breaches from supply chain attacks. When networks are micro-segmented, IT has more visibility and control over the traffic flows and can isolate and remediate endpoints at the time of attack, while ensuring the rest of the network is protected.</p>

Last edited 2 years ago by Matias Katz

Recent Posts

Would love your thoughts, please comment.x