Phishing Attack Affects Multiple Cancer Treatment Centers
A phishing attack has affected multiple cancer care providers that are part of the Integrated Oncology Network (ION). All affected entities have issued similar breach notices about the incident, which involved unauthorized access to a small number of employee email and SharePoint accounts in what was described as “a sophisticated phishing attack.”
Immediate action was taken to secure the affected accounts, and an investigation was launched to determine the nature of the attack and the extent of any data breach. The forensic investigation confirmed that the accounts were compromised over three days between December 13, 2024, and December 16, 2024. Some of the compromised accounts contained patient information. The review of the accounts confirmed that they contained names, addresses, dates of birth, financial account information, diagnoses, lab results, medications, treatment information, health insurance and claims information, provider names, dates of treatment, and Social Security numbers.
The affected cancer care providers have not found any evidence of misuse of patient information; however, as a precaution, the affected individuals have been offered complimentary credit monitoring, dark web monitoring, and identity restoration services. ION sent notification letters to the affected oncology physician practices on June 13, 2025, and individual notification letters started to be mailed to the affected patients on June 27, 2025. ION said the email accounts were most likely compromised to perpetrate a phishing scheme; however, SharePoint accounts were also accessed by the attacker(s). Additional cybersecurity training has been provided to the workforce to reduce the risk of similar incidents in the future.
Breach reports are starting to appear on the HHS’ Office for Civil Rights breach portal from the affected oncology physician practices. The list may grow over the coming days. This post will be updated when further victims have been confirmed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
| Affected Entity | State | Individuals Affected |
| California Cancer Associates for Research and Excellence – High Desert | CA | 17,250 |
| Lake City Cancer Care, LLC | FL | 15,142 |
| Radiation Oncology Network of Southern California, LLC | CA | 12,944 |
| Rocky Mountain Oncology Care | WY | 10,268 |
| e+ Oncologics Louisiana, LLC | LA | 8,270 |
| California Cancer Associates for Research and Excellence – Fresno | CA | 7,670 |
| PET Imaging of Northern Colorado | CO | 4,824 |
| Mojave Radiation Oncology Medical Group | CA | 4,403 |
| Fairbanks Urology | AK | 4,289 |
| Integrated Oncology Network | TN | 4,174 |
| South Georgia Center for Cancer Care | GA | 4,108 |
| PET Imaging of Tulsa | OK | 3,159 |
| PET Imaging of The Woodlands | TX | 2,978 |
| Denali Biomedical | AK | 2,413 |
| Acadiana Radiation Therapy, LLC | LA | 2,219 |
| Golden State Radiation Oncology | CA | 2,130 |
| PET Imaging of Dallas Northeast | TX | 1,935 |
| Orange County Radiation Oncology Medical Group | CA | 1,911 |
| PET Imaging of Sugar Land | TX | 1,808 |
| Southwest Urology | OH | 1,310 |
| PET Imaging of Houston Medical Center | TX | 1,236 |
| Bardmoor Cancer Center | FL | 991 |
| Cancer Care Center of North Florida-Lake Butler | FL | 976 |
| California Cancer Associates for Research and Excellence – San Diego | CA | 638 |
| Synergy Radiation Oncology Medical Group | CA | TBC |
| Memorial Radiation Oncology Medical Group | CA | TBC |
| Total | 117,406 |
