Ransomware Attack on Arkansas Oncology Group Affects 113,500 Individuals
Highlands Oncology Group, a comprehensive cancer care provider with six locations in Northwest Arkansas, has recently disclosed a cyberattack that was first identified on June 2, 2025. A hacker gained access to its network on January 21, 2025, and remained within the network undetected until June 2, 2025, when ransomware was used to encrypt files. Between those dates, there was intermittent access to the network, and patient data may have been viewed or acquired.
The files were reviewed and found to contain protected health information such as names, dates of birth, Social Security numbers, driver’s license/state identification numbers, passport numbers, credit/debit card numbers, financial account numbers, medical treatment information, medical record numbers, patient account numbers, and/or health insurance policy information. The types of data exposed or stolen varied from individual to individual.
The data breach was recently reported to the Maine Attorney General as involving the personal information of 113,575 individuals, and the HHS’ Office for Civil Rights breach portal indicates the protected health information of 111,766 individuals was exposed. Notification letters started to be mailed on August 1, 2025, and individuals whose Social Security numbers and/or driver’s license numbers were involved have been offered complimentary identity theft protection services. All individuals have been advised to remain vigilant against misuse of their information and should monitor their accounts, explanation of benefits statements, and credit reports closely for signs of data misuse.
While the name of the threat actor was not disclosed in the breach notification letters, the Medusa ransomware group claimed responsibility for the attack. Medusa is known to engage in double extortion, stealing data and demanding a ransom payment to prevent the publication of the stolen data and to provide the keys to decrypt the data. Medusa was the subject of a joint alert by CISA, the FBI, and MS-ISAC earlier this year after attacking more than 300 entities, including several healthcare providers. Highlands Oncology Group was added to the Medusa data leak site temporarily, and a $700,000 ransom was demanded. There is currently no listing on the data leak site, which suggests the ransom was paid.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Highlands Oncology Group is one of several cancer care facilities to fall victim to cyberattacks in recent weeks. Last month, a phishing attack affected at least 26 cancer care providers who were part of the Integrated Oncology Network. This is not the first ransomware attack on Highlands Oncology Group, which experienced an attack in November 2023. A recent survey conducted on behalf of the cybersecurity firm Semperis revealed that 77% of healthcare organizations were targeted with ransomware in the past 12 months, 53% of those attacks were successful, and 60% faced multiple attacks.
