Fort Myers-based 21st Century Oncology has been contacting 2.2 million patients to let them know that their personal information stored in the database has been violated and accessed by an unauthorized third party that broke into the database on October 3.
The following information was the one affected by the hacker: patient names, Social Security numbers, physician names, diagnosis and treatment data and insurance information, according to the company. 21st Century Oncology mentioned that only the medical records were untouched.
The FBI notified the cancer-care giant, which operates 145 centers in 17 states, about the breach on Nov. 13.
The company began notifying the patients on Friday according to federal regulators.
The company said that most of the federal investigators told them to stop notifying the patients about the incident because the scandal could affect their investigation. The FBI and the Department of Justice remained quiet during the case on Wednesday.
This whole chaos involved patients in all 50 states and other countries as well according to the company. The company representatives would not notify if any patient’s identity has been theft as a result. Its earlier letter stated that it had no evidence that that had happened. As a way to apologize the company has offered the patients a free one-year membership for a credit protection program.
“We also recommend that patients regularly review the explanation of benefits that they receive from their health insurer,” the letter to patients states. “If they see services that they did not receive, please contact the insurer immediately.”
The Florida Attorney General’s Office and the U.S. Department of Health and Human Services, both of which require reporting of certain large data breaches, would not comment on the case. Both cited the ongoing investigation into the matter.
An Attorney General’s Office representative did confirm that the office had been notified but would not say when.
The company itself is now working in alliance with FBI on the investigation of the intrusion to the system, they also mentioned that they are enhancing their existing security measures and protocols to bring a better protection of the database and not let this problem happen again in the near future.