Cyber Incident Victim: 21st Century Oncology
Date:
Oct 2015
Location:
United States of America
Summary
A Florida-based cancer clinic experienced a cybersecurity breach where unauthorized actors accessed sensitive information of approximately 2.2 million patients and employees, including names, Social Security numbers, medical diagnoses, treatment details, and insurance data. Federal authorities alerted the organization to the intrusion, which prompted an investigation and delayed public disclosure; the clinic later notified affected individuals and provided complimentary credit protection services despite no evidence of data misuse. This marked the second time federal officials informed the entity of a breach, following a prior insider incident linked to fraud. The compromised medical and insurance information raised concerns about heightened risks for medical identity theft and targeted fraud based on insurance plan value.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In October 2015, unidentified hackers breached the network systems of 21st Century Oncology, a Florida-based cancer clinic, gaining unauthorized access to sensitive data. The Federal Bureau of Investigation (FBI) discovered the intrusion and notified the clinic in November 2015, though public disclosure was delayed at federal authorities' request to allow completion of their investigation. The compromised data included names, Social Security numbers, diagnosis and treatment information, and insurance details of approximately 2.2 million patients and employees. 21st Century Oncology publicly acknowledged the breach in March 2016, nearly five months after initial FBI notification. While the clinic stated there was no evidence of data misuse, it initiated notifications to affected individuals and offered one year of complimentary credit protection services. Patients were advised to monitor insurance statements for unauthorized services.
The incident represented the second known breach at 21st Century Oncology involving federal law enforcement notification, following a 2013 insider breach connected to tax refund fraud. Company statements emphasized that patient care operations would remain unaffected and outlined enhanced security measures to prevent future incidents. Security experts highlighted the elevated risk posed by exposure of medical treatment details and insurance information, noting such data could facilitate targeted medical fraud or identity theft based on insurance plan valuations. The delayed disclosure timeline between FBI notification and public acknowledgment reflected procedural coordination with investigative authorities rather than immediate public reporting.