Michigan cancer center notifies 22,000 patients of breach 5 months after hack

Unauthorized users had access to the practice's server from February to July 2016, which was discovered this past August.
By Jessica Davis
02:18 PM

Singh and Arora Oncology Hematology, a cancer center in Flint, Michigan, has notified 22,000 patients of a breach discovered in August 2016.

Hackers had access to the practice's server between February and July of 2016, local affiliate ABC12 reported. The files contained names, Social Security numbers, addresses, phone numbers, dates of birth, CPT codes and insurance information.

The cancer center reported the data breach to the Department of Health and Human Services' Office of Civil Rights on Oct. 21st. However, patients are only now being notified, five months later. The cancer center didn't provide a reason for the delay.

Under OCR guidance, all organizations are required to report a breach within 60 days of discovery – not only to the OCR, but to patients and the media.

In the letter sent to patients, Singh and Arora said the provider couldn't verify whether the data was compromised. Officials also said they don't believe the unauthorized users were after the patient data – but didn't state the reason for that thinking.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.