SkinCure Oncology recently discovered that an unauthorized party accessed certain email accounts, potentially compromising personal information.
SkinCure Oncology identified that an unauthorized party accessed specific email accounts between June 23, 2023, and June 25, 2023. Upon discovering the incident, the company promptly secured the accounts and initiated an investigation. On December 6, 2023, SkinCure Oncology determined that the compromised email accounts contained personal information, including names, dates of birth, medical record numbers, medical history, health insurance information, and, for some individuals, Social Security numbers, driver’s license numbers, financial account details, and credit card information. From June 28, 2024, on behalf of its practice partners, SkinCure Oncology began mailing notification letters to those individuals whose information was involved in the incident and whom SkinCure Oncology could obtain valid mailing addresses for.
SkinCure Oncology stated, “We value and respect the privacy of information entrusted to us and recognize the inconvenience this incident may have caused.” They urged affected individuals to remain vigilant against potential fraud and identity theft by reviewing account statements and monitoring credit reports closely. In their notice, SkinCure Oncology recommended reporting any suspicious activity to financial institutions and law enforcement authorities.
Related: Unpacking the benefits of cybersecurity in healthcare
SkinCure Oncology's data breach shows the need for enhanced cybersecurity practices in healthcare. Affected individuals should take proactive steps to protect themselves, and healthcare organizations must continually improve their data security measures to prevent future breaches.
Healthcare organizations can prevent data breaches by implementing robust cybersecurity measures, conducting regular security audits, providing staff training on data protection, and ensuring compliance with HIPAA regulations.
Common methods include phishing attacks, ransomware, exploiting vulnerabilities in software, and unauthorized access through compromised credentials.
Related: Tips to spot phishing emails disguised as healthcare communication
Patients whose information has been compromised may face risks such as identity theft, financial fraud, and unauthorized use of their personal and medical data.