Cancer treatment and research center City of Hope is warning that a data breach exposed the sensitive information of over 820,000 patients.
City of Hope is a National Cancer Institute (NCI)-designated comprehensive cancer center providing treatment for cancer, diabetes, and other life-threatening diseases. The organization is headquartered in Duarte, California, and operates oncology clinics across the US.
Earlier this week, the healthcare organization published a notice of a data security incident on its site, informing that it suffered a security breach between September and October last year.
“On or about October 13, 2023, City of Hope became aware of suspicious activity on a subset of its systems and immediately instituted mitigation measures to minimize any disruption to its operations,” reads the notice.
“City of Hope launched an investigation into the nature and scope of the incident with the assistance of a leading cybersecurity firm, which determined that an unauthorized third party accessed a subset of our systems and obtained copies of some files between September 19, 2023, and October 12, 2023.”
The sensitive data that may have been exposed as a result of this incident includes the following:
- Full names
- Email address
- Phone number
- Date of birth
- Social security number
- Driver’s license
- Government ID
- Bank account number
- Credit card details
- Health insurance information
- Medical records and history
The City of Hope says there’s no evidence of identity theft or fraud occurring due to this incident and clarifies that not every data type listed above was compromised for every patient, so the level of exposure varies per case.
According to the organization’s disclosure to the Office of the Maine Attorney General, 827,149 patients are impacted by this data breach nationwide.
City of Hope has already implemented additional defenses to prevent similar incidents from occurring in the future and offers two years of identity monitoring service coverage at no cost for the recipients of the personalized notifications.
Potentially impacted persons are also advised to monitor banking statements and remain vigilant against unsolicited communications, attempts to defraud, or requests for additional information.
The type of cyberattack that led to the data breach at City of Hope remains unknown, and no ransomware groups have assumed responsibility for the attack.