Bad actors often target healthcare organizations because they typically lack strong cybersecurity defenses. On top of that, the data they store is highly valuable, and healthcare companies are often willing to pay large sums to recover it. The latest attack has impacted multiple cancer centers across the U.S.
A coordinated phishing campaign has breached sensitive patient data at several cancer care providers affiliated with Integrated Oncology Network (ION), a Tennessee-based network of oncology practices.
What you need to know about the cancer care breach
The breach, which occurred over a three-day period between December 13 and 16, 2024, allowed attackers to access employee email and SharePoint accounts, according to notices filed with state regulators and the U.S. Department of Health and Human Services.
The compromised accounts contained protected health information, including names, addresses, birth dates, diagnoses, lab results, treatment details, medications, insurance information, and in some cases, Social Security numbers and financial data. While ION says there is no current evidence of misuse, the company has offered affected individuals free credit monitoring, dark web monitoring, and identity theft protection services.
Breach notifications were sent to impacted practices on June 13, 2025, and patient letters began mailing on June 27.
Investigators say the phishing campaign was likely designed to harvest data for use in wider fraud schemes. While SharePoint access was also compromised, the primary focus appears to have been email-based data collection. ION says it has since updated its cybersecurity protocols and provided additional training to staff.
Which practices are affected by the breach
So far, at least eleven practices have reported being affected by the breach. The largest include:
- Rocky Mountain Oncology Care: 10,268 individuals
- e+ Oncologics Louisiana, LLC: 8,270
- California Cancer Associates – Fresno: 7,670
- Mojave Radiation Oncology Medical Group: 4,403
- South Georgia Center for Cancer Care: 4,108
- PET Imaging of Tulsa: 3,159
- Acadiana Radiation Therapy, LLC: 2,219
- PET Imaging of Dallas Northeast: 1,935
Other practices affected include imaging and radiation centers in Texas, Louisiana, and North Florida. In total, more than 130,000 individuals have been impacted so far. The breach is now listed on the HHS Office for Civil Rights breach portal, which tracks healthcare data exposures involving more than 500 individuals.
We reached out to Integrated Oncology Network, now operating within Cardinal Health’s Navista oncology alliance, for comment, but did not receive a response before our deadline.
6 ways to protect yourself from cancer care breach
The recent phishing attack on ION-affiliated cancer centers exposed sensitive patient information, including contact details, medical records, and even Social Security numbers in some cases. If you are affected or just want to stay one step ahead, these actions can help minimize your risk.
1) Don’t click on suspicious links or attachments and use strong antivirus software
The ION data breach gives attackers access to your contact details, which they can misuse. Avoid clicking on unexpected emails or messages, even if they look legitimate. The best way to do that is to have strong antivirus protection installed on all your devices. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
2) Use a personal data removal service
Since your contact details might have been exposed in the ION breach, you’re more vulnerable to spam, scams, and targeted fraud. Consider using a personal data removal service to scrub your name, email, phone number, and address from data broker websites that sell your information.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
3) Use strong, unique passwords for every account
Reusing passwords increases your risk. A single leaked password can unlock multiple accounts. Use a password manager to generate and store secure passwords.
- Unlimited password storage
- Secure sharing
- Password health reports
- Auto-fill and emergency access
- Data breach monitoring to alert you if your credentials have been exposed
- A Security Dashboard with tools like the Data Breach Scanner and Password Health Checker to identify weak, reused, or compromised passwords
CyberGuy Exclusive Deal: Save 52% now with CyberGuy’s exclusive NordPass offer – Get 1 extra month FREE with a 2-year plan. Try 30 days risk-free for only $1.43 per month!
A Texas mom says she spent the night in jail after speaking up online about dirty water in her town. The case was later dropped, but her story raises a troubling question: could something you post online ever put you at risk?
Missed this event? Sign up via the registration form and see our live recording.
See Kurt’s 2026 picks for practical tech and everyday upgrades.
4) Sign up for an identity theft protection service
ION is offering free identity theft and credit monitoring services to those affected by the breach. But even if you weren’t impacted by this specific breach, it’s still smart to protect yourself. Identity theft protection services can alert you to suspicious activity, help you recover if your identity is stolen, and often provide tools to freeze or lock your credit. That prevents fraudsters from opening new accounts in your name, and you can lift the freeze temporarily when needed.
One of the best parts of my top pick, Aura Identity Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.
Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.
See my full list of trusted identity theft protection services and expert tips to stay safe online.
5) Enable two-factor authentication (2FA)
Adding a second layer of login protection like a text message or app-based code via 2FA, can make it much harder for ION attackers to access your accounts, even if your password is exposed.
6) Monitor your credit and financial accounts
Keep an eye out for strange charges or unfamiliar accounts. Set up alerts through your bank and review your credit report regularly to catch fraud early.
Related Links:
- Browser extensions put millions of Google Chrome users at risk
- Medicare data breach exposes 100,000 Americans’ info
- Malware exposes 3.9 billion passwords in huge cybersecurity threat
Kurt’s key takeaway
Phishing attacks remain a leading cause of healthcare data breaches, often exploiting gaps in email security and employee awareness. While ION acted quickly to contain the incident, the scope of the breach highlights how a single phishing campaign can expose tens of thousands of patient records across multiple systems and locations.
Do you think healthcare providers are doing enough to protect patient data? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
🎙 Now Streaming: My New Podcast: The CyberGuy Report
Kurt’s Top Deals
Deals move fast and inventory can be limited, so don’t wait too long.
| 🔥 Editor’s pick  Summer entertaining Ninja SLUSHi Machine (26% off) Frozen drinks and slushies at home in minutes. | |
| 💰 Top deal  Outdoor essential TYPEC Solar Bug Zapper (36% off) Solar-powered bug zappers for patios and camping. |
1 comment
You said;
“ and healthcare companies are often willing to pay large sums to recover it.”
Why are we not stopping the healthcare companies? We are supposed to trust these companies. Why do they want this information? Is it to deny us coverage?