Cyber Incident Victim: Choice Cancer Care Treatment Center

On May 21, 2019, Choice Cancer Care Treatment Center detected suspicious activity in a company email account, prompting an immediate investigation with assistance from a third-party forensic firm. The investigation determined an unauthorized actor accessed one email account between May 1 and May 21, 2019. Choice Cancer Care conducted a programmatic and manual review of the compromised account’s contents to identify potentially exposed patient information. This review concluded on September 18, 2019, confirming the presence of personal data within the email account during the breach window. The compromised information primarily included patient names and medical or health insurance details, with a limited subset of individuals potentially exposed to more sensitive data such as driver’s licenses, Social Security numbers, credit card information, and passport numbers. No evidence of actual or attempted misuse of the compromised data was identified during the investigation.

Following the breach confirmation, Choice Cancer Care implemented measures to secure its email systems and initiated a process to identify affected individuals and verify their contact information. The organization began notifying potentially impacted patients on November 15, 2019, advising them of the incident and offering complimentary credit monitoring and identity restoration services through ID Experts. Choice Cancer Care concurrently reviewed its data security policies and conducted additional employee training on data privacy practices. Patients were directed to a dedicated assistance line and the company website for further details, though the investigation maintained that no evidence suggested misuse of the exposed information. The notification emphasized the organization’s prioritization of data security while acknowledging the potential risks associated with the breach timeline and data types involved.