A major security incident at a US-based cancer treatment and research center, City of Hope, has compromised the sensitive personal data of over 820,000 patients.

The healthcare organization published a notice of a data security incident on its site, informing that it suffered a security breach between September and October last year.

“On or about October 13, 2023, City of Hope became aware of suspicious activity on a subset of its systems and immediately instituted mitigation measures to minimize any disruption to its operations,” reads the notice.

Buy Me A Coffee

“City of Hope launched an investigation into the nature and scope of the incident with the assistance of a leading cybersecurity firm, which determined that an unauthorized third party accessed a subset of our systems and obtained copies of some files between September 19, 2023, and October 12, 2023.”

The sensitive data that may have been exposed as a result of this incident includes the following:

  • Full names
  • Email address
  • Phone number
  • Date of birth
  • Social security number
  • Driver’s license
  • Government ID
  • Bank account number
  • Credit card details
  • Health insurance information
  • Medical records and history

The City of Hope says there’s no evidence of identity theft or fraud occurring due to this incident and clarifies that not every data type listed above was compromised for every patient, so the level of exposure varies per case.

CERT-In Finds Multiple Bugs in Google Chrome, SAP Products