Onco360

Onco360 operates as a specialty pharmacy within the United States, with its core business centered on the dispensing of prescription medications and the management of patient care for individuals with complex, often chronic health conditions. The organization's services are particularly focused on the oncology sector, providing pharmaceutical support for cancer treatments, which includes handling highly sensitive patient health information. This information encompasses demographic data, medical and clinical records, health insurance details, and occasionally Social Security numbers and limited financial data. Serving patients across the USA, Onco360 functions within the heavily regulated healthcare landscape, where the secure management of protected health information is a fundamental operational requirement. The company's work involves direct coordination with healthcare providers, insurers, and patients to facilitate appropriate medication therapy and ongoing clinical support, positioning it as a key component in the treatment continuum for specialized care.

In November 2017, Onco360 experienced a significant data security incident when unauthorized actors gained access to three employee email accounts via a phishing attack, ultimately compromising the personal information of approximately 53,000 patients. The breached data included the same categories of sensitive health and personal information the company routinely handles. Following the discovery of suspicious email activity, Onco360 implemented immediate containment measures, including resetting affected account passwords and deploying enhanced email security protocols. The organization also mandated additional employee training to improve recognition of malicious communications, a critical step given the phishing vector. In compliance with regulatory obligations, Onco360 notified impacted individuals, providing them with complimentary credit monitoring services and a dedicated support line, while also informing relevant federal health authorities and law enforcement agencies. This event underscores the persistent cyber threats facing healthcare entities that manage large volumes of protected health data and highlights the importance of robust technical safeguards and employee awareness in preventing and responding to such incidents.