2.2 Million Cancer Patient Records Exposed in Clinic Breach
21st Century Oncology Holdings has warned 2.2 million patients that their health data and Social Security numbers were stolen from its network.
The breach, which was discovered last November, was not revealed until March 4. The stolen data included patient names, Social Security numbers, physician names, treatment information, diagnoses and insurance information.
According to 21st Century Oncology, which operates 145 cancer treatment centers in the United States and 36 in Latin America, the hackers first gained access to its network in October, but it had to wait to notify patients until the FBI Investigation concluded.
“21st Century Oncology’s response really misses the mark,” said Ted Harrington, executive partner with Independent Security Evaluators, in an email interview with Threat Post. “They note in their statement that no medical records were lost. But patient names, Social Security numbers and other data were. These are some of the most important aspects of the medical record.”
Harrington also said this latest breach is part of a larger trend within hospital security, and concluded that hospitals need to increase their cyber defenses.
Florida-based 21st Century Oncology is not the only hospital to have been targeted. Last month, Hollywood Presbyterian Medical Center paid 40 Bitcoin (about $17,000) to hackers who had locked access to the hospital’s electronic medical record system.
Last week, City of Hope cancer treatment center said it had fallen victim to a phishing attack on January 18. It “resulted in unauthorized access to the email accounts of four staff members.” City of Hope also said in a statement that three of those email accounts contained patients’ “protected health information.”