Highlands Oncology Group PA
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Highlands Oncology Group PA, based in Fayetteville, Arkansas, experienced a data breach in September 2023, which was discovered on September 26, 2023. The breach involved unauthorized access to the company’s computer network between September 25 and September 26, 2023, during which an unauthorized party encrypted portions of the network and may have accessed and acquired certain files containing confidential patient information[1][4].
The compromised information varied by individual but could include names, dates of birth, Social Security numbers, driver’s license numbers, state ID numbers, passport numbers, military ID numbers, financial account numbers, credit and/or debit card numbers, health insurance information, and medical information such as diagnosis/conditions, lab results, and prescription information[1][4].
Highlands Oncology Group completed its review of the potentially acquired files on November 27, 2023, and began sending out data breach notification letters to affected individuals on December 29, 2023. The letters provided victims with a list of their compromised information and steps they could take to protect themselves[1][4].
The healthcare provider has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license/state ID numbers were involved in the incident. They also advised affected individuals to remain vigilant by reviewing account statements, monitoring credit reports, and reporting any suspicious activity or suspected identity theft to proper law enforcement authorities[4].
Highlands Oncology Group is a healthcare services provider specializing in cancer treatment, offering services such as chemotherapy, diagnostic imaging, radiation therapy, and pharmacy services. The company operates five locations throughout Arkansas, employs more than 367 people, and generates approximately $48 million in annual revenue[1].
The breach affected 55,297 individuals and was one of the significant healthcare data breaches reported in December 2023[8][14]. Highlands Oncology Group has taken steps to enhance its technical security measures to reduce the likelihood of a similar event in the future[4].
Citations:
- https://www.jdsupra.com/legalnews/highlands-oncology-group-notifies-2877754/
- https://highlandsoncology.com
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://highlandsoncology.com/data-security-incident/
- https://dojmt.gov/consumer/databreach/
- https://www.accc-cancer.org/docs/documents/oncology-issues/articles/2021/v36-n1/v36n1-complete.pdf
- https://www.turkestrauss.com/2024/01/03/highland-oncology-group-data-breach-investigation/
- https://www.calhipaa.com/healthcare-data-breach-report-for-december-2023/
- https://www.myinjuryattorney.com/highlands-oncology-group-data-breach-class-action-investigation-and-lawsuit-assistance/
- https://www.hipaajournal.com/hipaa-breaches/
- https://casetext.com/case/goins-v-oakhill-1
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://casetext.com/case/united-states-ex-rel-beck-v-tvg-capital-gp-llc
- https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/