Cyber Incident Victim: Onco360
Date: Nov 2017
Location: United States of America
Summary
A hacker gained unauthorized access to three employee email accounts at a pharmacy company through phishing, compromising approximately 53,000 patient records containing demographic, medical, clinical, and health insurance information, with some Social Security numbers and limited financial details exposed. Following discovery of suspicious email activity, the organization reset account passwords, implemented enhanced email security measures, and conducted additional employee training on identifying malicious communications. Impacted individuals received breach notifications, complimentary credit monitoring services, and access to a dedicated support line, while relevant authorities including federal health officials and law enforcement were informed of the incident.
Description
In November 2017, Onco360 detected suspicious activity within an employee’s email account, prompting an investigation. The oncology pharmacy company engaged an external forensic team, which determined that an unauthorized actor had gained access to three employee email accounts. The breach impacted both Onco360 and its affiliated entity, CareMed Specialty Pharmacy, compromising the protected health information of 53,173 patients. Exposed data included patient demographic details, medical and clinical information, health insurance data, and Social Security numbers for some individuals. A limited subset of patients also had financial information exposed. While the breach notice did not explicitly confirm the attack vector, it strongly implied that employees had fallen victim to phishing emails—a common tactic used to infiltrate organizational email systems. The compromised email accounts served as the primary point of entry, with no evidence suggesting broader network penetration beyond the email platform itself.

Upon confirming the breach, Onco360 implemented immediate containment measures, including password resets for affected email accounts. The company augmented its email security protocols with additional safeguards to prevent similar incidents. Affected patients received direct notification, and Onco360 reported the incident to the U.S. Department of Health and Human Services as required under HIPAA, while also involving law enforcement. Remediation efforts included enhanced employee training focused on identifying phishing attempts and suspicious email patterns. Impacted individuals were offered complimentary credit monitoring services and access to a dedicated call center for inquiries related to the breach. The forensic investigation did not identify evidence of actual misuse of the exposed data, though the incident underscored the operational risks associated with email-based threats in healthcare settings.
