Cancer treatment provider 21st Century Oncology Holdings has warned 2.2 million patients and employees that their sensitive data may have been stolen in a cyberattack.
The breach was revealed on March 4, but the Florida-based cancer clinic chain was informed of the cyberattack and information theft on November 13, 2015, by the FBI. The US law enforcement agency knew about the attack but asked 21st Century Oncology to keep quiet until an investigation into the incident was complete.
The cyberattackers accessed a key database in early October. Although there are no details concerning how the cybercriminals managed to compromise the company's network, they were able to access and steal data including patients' names, Social Security numbers, physicians' names, diagnosis and treatment information, as well as insurance records.
As noted by Threatpost, the data breach may impact up to 2.2 million patients and physicians.
However, the clinic chain says there is no evidence to suggest medical records were part of the haul.
In a statement, 21st Century Oncology said:
"Now that law enforcement's request for delay has ended, we are notifying patients as quickly as possible. We continue to work closely with the FBI on its investigation of the intrusion into our system.
In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future."
The medical group is offering those affected a year of free credit monitoring.
21st Century Oncology's data breach is the latest incident which highlights a growing trend of core services being struck by cyberattacks. Medical information and sensitive data linked to these records -- such as names, addresses and Social Security numbers -- are all valuable elements which can be sold off in underground markets and used in identity theft.
Last month, two German hospitals were held to ransom by malware, and cybercriminals demanded a fee in Bitcoin to release critical files. While both hospitals refused to bow to the cyberattackers' demands, in a separate incident, the Hollywood Presbyterian Medical Center, also hit with ransomware, paid a $17,000 fee to resume normal operations.