HQ/EMEAFind out how we can help your business
A huge data breach struck the renowned cancer treatment and research centre, City of Hope, revealing the personal information of over 820,000 patients. The City of Hope, located in Duarte, California, and certified as a comprehensive cancer centre by the National Cancer Institute (NCI), provides critical treatment for a variety of life-threatening conditions, including cancer and diabetes, through its network of oncology clinics around the United States.
The breach, which occurred between September and October of the preceding year, came to light earlier this week when the City of Hope issued a notification on its website regarding the data security incident. Prompt action was taken upon the detection of suspicious activity around October 13, 2023, as the institution swiftly initiated mitigation measures to minimise any disruptions to its operations.
Launching a comprehensive investigation, City of Hope enlisted the support of cybersecurity experts, with findings revealing that an unauthorised third party had infiltrated a subset of the institution’s systems, gaining access to and making copies of certain files between September 19, 2023, and October 12, 2023.
The City of Hope breach exposed a wide range of data, reassuring patients of no current evidence of identity theft or fraud but noting varying levels of data exposure.
The compromised data encompasses a vast array of sensitive information, from full names and email addresses to social security numbers, bank account details, and even medical records and history. While the institution assures patients that there is currently no evidence of identity theft or fraudulent activities resulting from this breach, it emphasises that not all categories of data were exposed for every individual, leading to varying levels of exposure on a case-by-case basis.
With a nationwide impact affecting 827,149 patients, the healthcare institution has taken proactive measures to fortify its defences against future breaches. Further, its management is extending two years of complimentary identity monitoring services to affected individuals alongside personalised notifications.
Affected individuals are urged to exercise vigilance, monitoring their financial statements closely and remaining wary of unsolicited communications or attempts at fraudulent activity. Despite collaborative efforts, the specific cyberattack method responsible for the breach remains unidentified, with no ransomware groups claiming responsibility for the intrusion.
City of Hope remains steadfast in its commitment to patient confidentiality and data security, vowing to bolster its cybersecurity protocols to safeguard against future threats and protect the trust and privacy of its patients.
