New York Counseling Provider and Florida Cancer Center Announce Data Breaches
Family Counseling Services of the Finger Lakes in New York and the Cancer Care Center of North Florida have confirmed that patient data was compromised in recent hacking incidents.
Family Counseling Services of the Finger Lakes
Family Counseling Services of the Finger Lakes in New York has discovered unauthorized access to its email environment. Suspicious activity was identified on or around February 4, 2025, and the forensic investigation confirmed that a limited number of email accounts had been accessed by an unauthorized third party between January 14, 2025, and February 4, 2025.
The email accounts were immediately secured, and a review was conducted to determine the extent of data exposure. The file review was completed on June 30, 2025, and confirmed that the exposed data included full names, in combination with one or more of the following: date of birth, Social Security number, driver’s license number, bank account number, medical information, and health insurance information.
Family Counseling Service is unaware of any misuse of the exposed data; however, the affected individuals have been advised to remain vigilant against identity theft and fraud. Individuals whose Social Security numbers were involved have been offered complimentary credit monitoring services. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Cancer Care Center of North Florida
Cancer Care Center of North Florida has been affected by two security incidents, one involving unauthorized access to email accounts and a network server hacking incident. Both incidents involved the Integrated Oncology Network (ION).
As previously reported by the HIPAA Journal, the phishing incident affected multiple ION members. Between December 13, 2024, and December 16, 2024, an unauthorized third party gained access to certain emails and SharePoint files. The files contained names, addresses, dates of birth, financial account information, diagnosis, lab results, medication, treatment information, health insurance and claims information, provider names, and/or dates of treatment, and for a limited number of individuals, their Social Security numbers. Cancer Care Center of North Florida notified the HHS’ Office for Civil Rights that 976 patients of its Lake Butler location were affected.
The hacking incident involved unauthorized access to certain ION systems between March 31, 2025, and April 10, 2025. ION discovered the intrusion on April 11, 2025, and said only limited systems were affected. The review of the affected files is ongoing, but it has been confirmed that the compromised information includes names, address, date of birth, medical record number, diagnoses/conditions, diagnostic imaging, diagnostic test results, lab results, medications, treatment information, health insurance information, provider names, dates of treatment, driver’s license numbers, and/or financial account information.
The breach has affected multiple ION practices, which were notified between July 11, 2025, and August 6, 2025. Cancer Care Center of North Florida has confirmed that 1,789 of its patients were affected.
