Michigan cancer center notifies 22,000 patients of breach 5 months after hack
Singh and Arora Oncology Hematology, a cancer center in Flint, Michigan, has notified 22,000 patients of a breach discovered in August 2016.
Hackers had access to the practice's server between February and July of 2016, local affiliate ABC12 reported. The files contained names, Social Security numbers, addresses, phone numbers, dates of birth, CPT codes and insurance information.
The cancer center reported the data breach to the Department of Health and Human Services' Office of Civil Rights on Oct. 21st. However, patients are only now being notified, five months later. The cancer center didn't provide a reason for the delay.
Under OCR guidance, all organizations are required to report a breach within 60 days of discovery – not only to the OCR, but to patients and the media.
In the letter sent to patients, Singh and Arora said the provider couldn't verify whether the data was compromised. Officials also said they don't believe the unauthorized users were after the patient data – but didn't state the reason for that thinking.