Phishing breach hits multiple US cancer centers

Bad actors often target healthcare organizations because they typically lack strong cybersecurity defenses. On top of that, the data they store is highly valuable, and healthcare companies are often willing to pay large sums to recover it. The latest attack has impacted multiple cancer centers across the U.S.

A coordinated phishing campaign has breached sensitive patient data at several cancer care providers affiliated with Integrated Oncology Network (ION), a Tennessee-based network of oncology practices.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER  

What you need to know about the cancer care breach

The breach, which occurred over a three-day period between Dec. 13 and 16, 2024, allowed attackers to access employee email and SharePoint accounts, according to notices filed with state regulators and the U.S. Department of Health and Human Services.

NATIONAL SECURITY EXPERTS RAISE CONCERNS AFTER MICROSOFT PROGRAM EXPOSED AS POSSIBLE AVENUE FOR CHINESE SPYING

The compromised accounts contained protected health information, including names, addresses, birth dates, diagnoses, lab results, treatment details, medications, insurance information, and in some cases, Social Security numbers and financial data. While ION says there is no current evidence of misuse, the company has offered affected individuals free credit monitoring, dark web monitoring and identity theft protection services.

Breach notifications were sent to impacted practices on June 13, 2025, and patient letters began mailing on June 27.

Investigators say the phishing campaign was likely designed to harvest data for use in wider fraud schemes. While SharePoint access was also compromised, the primary focus appears to have been email-based data collection. ION says it has since updated its cybersecurity protocols and provided additional training to staff.

Which practices are affected by the breach 

So far, at least 11 practices have reported being affected by the breach. The largest include:

• Rocky Mountain Oncology Care: 10,268 individuals
• e+ Oncologics Louisiana, LLC: 8,270
• California Cancer Associates – Fresno: 7,670
• Mojave Radiation Oncology Medical Group: 4,403
• South Georgia Center for Cancer Care: 4,108
• PET Imaging of Tulsa: 3,159
• Acadiana Radiation Therapy, LLC: 2,219
• PET Imaging of Dallas Northeast: 1,935

Other practices affected include imaging and radiation centers in Texas, Louisiana and North Florida. In total, more than 130,000 individuals have been impacted so far. The breach is now listed on the HHS Office for Civil Rights breach portal, which tracks healthcare data exposures involving more than 500 individuals.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

We reached out to Integrated Oncology Network, now operating within Cardinal Health’s Navista oncology alliance, for comment, but did not receive a response before our deadline.

6 ways to protect yourself from cancer care breach

The recent phishing attack on ION-affiliated cancer centers exposed sensitive patient information, including contact details, medical records, and even Social Security numbers in some cases. If you are affected or just want to stay one step ahead, these actions can help minimize your risk. 

1) Don’t click on suspicious links or attachments and use strong antivirus software

The ION data breach gives attackers access to your contact details, which they can misuse. Avoid clicking on unexpected emails or messages, even if they look legitimate. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech 

2) Use a personal data removal service

Since your contact details might have been exposed in the ION breach, you’re more vulnerable to spam, scams and targeted fraud. Consider using a personal data removal service to scrub your name, email, phone number and address from data broker websites that sell your information.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

3) Use strong, unique passwords for every account

Reusing passwords increases your risk. A single leaked password can unlock multiple accounts. Use a password manager to generate and store secure passwords.

Get more details about my best expert-reviewed Password Managers of 2025 at Cyberguy.com/Passwords

4) Sign up for an identity theft protection service

ION is offering free identity theft and credit monitoring services to those affected by the breach. But even if you weren’t impacted by this specific breach, it’s still smart to protect yourself. Identity theft protection services can alert you to suspicious activity, help you recover if your identity is stolen, and often provide tools to freeze or lock your credit. That prevents fraudsters from opening new accounts in your name, and you can lift the freeze temporarily when needed.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

5) Enable two-factor authentication (2FA)

Adding a second layer of login protection like a text message or app-based code via 2FA, can make it much harder for ION attackers to access your accounts, even if your password is exposed.

6) Monitor your credit and financial accounts

Keep an eye out for strange charges or unfamiliar accounts. Set up alerts through your bank and review your credit report regularly to catch fraud early. 

Kurt’s key takeaway

Phishing attacks remain a leading cause of healthcare data breaches, often exploiting gaps in email security and employee awareness. While ION acted quickly to contain the incident, the scope of the breach highlights how a single phishing campaign can expose tens of thousands of patient records across multiple systems and locations.

Do you think healthcare providers are doing enough to protect patient data? Let us know by writing us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER 

Copyright 2025 CyberGuy.com. All rights reserved.