21st Century Oncology Data Breach (2015)

A 21st Century Oncology spokesperson confirmed today to DataBreaches.net that 2.2 million patients were impacted by this breach. Today, 21st Century Oncology Holdings, Inc. announced that it is investigating an unauthorized third party intrusion into its network. The company is providing notice to individuals that may have been affected by the incident and offering one year of complimentary identity protection services to those individuals. On November 13, 2015, the Federal Bureau of Investigation (FBI) advised 21st Century that patient information was illegally obtained by an unauthorized third party who may have gained access to a 21st Century database. Upon learning of the intrusion, we immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security. Based on this investigation, 21st Century has determined that the intruder may have accessed the database on October 3, 2015, which contained the personal information of some patients, including their names, social security numbers, physicians' names, diagnoses and treatment information, and insurance information. We have no evidence that patients' medical records were accessed. The FBI asked that 21st Century delay notification or public announcement of the incident until today so as not to interfere with its investigation. Now that law enforcement's request for delay has ended, the company is notifying patients as quickly as possible. 21st Century continues to work closely with the FBI on its investigation. In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future. 21st Century has no indication that patients' information has been misused in any way; however, out of an abundance of caution, the company is offering one year of free identify theft protection services to potentially affected patients. 21st Century remains committed to maintaining the privacy and security of our patients' personal information. Fort Myers-based 21st Century Oncology is warning 2.2 million patients that their personal information may have been accessed by an "unauthorized third party" that broke into a company database Oct. 3. The accessed information may have included patient names, Social Security numbers, physician names, diagnosis and treatment data and insurance information, according to the company. 21st Century Oncology said it has no evidence that medical records were accessed.