What patient information was compromised in the ION breach?

The exposed data includes names in combination with addresses, dates of birth, Social Security numbers (for a small number of individuals), financial account information, medical diagnoses, laboratory test results, medication information, treatment information and details, health insurance and claims information, healthcare provider names, and dates of treatment and medical services.

How many patients were affected by the ION data breach?

The number of affected individuals has not been disclosed by Integrated Oncology Network.

What type of medical organization is ION?

Integrated Oncology Network (ION) is a group of oncology and urology practices that provides specialized cancer and urological care. One of the affected practices is cCARE (California Cancer Associates for Research & Excellence).

How long did the attackers have access to ION's systems?

The attackers had access to the data for approximately three days, between December 13 and December 16, 2024. During this time, they were able to access email and SharePoint accounts containing sensitive patient information.

What should patients watch for after the ION data breach?

Patients should carefully monitor their healthcare provider statements and health insurance plan communications for any services they did not receive. They should also watch for signs of medical identity theft, monitor financial accounts for suspicious activity, and be cautious of potential phishing attempts using their compromised personal information.

Did ION report the breach to authorities?

Yes, ION filed an official notice with the California Attorney General on June 27, 2025, as required by state data breach notification laws. The organization also began mailing individual breach notification letters to affected patients.

What is cCARE and how is it related to the ION breach?

cCARE (California Cancer Associates for Research & Excellence) is an oncology practice that is part of the Integrated Oncology Network. Patients receiving care at cCARE were among those whose sensitive information was compromised in the ION data breach.

Incident

Data breach at Integrated Oncology Network exposes patient information of cCARE cancer patients

Q: How did the ION data breach occur?

The data breach was caused by an email phishing incident that successfully compromised ION's network security, allowing unauthorized parties to gain access to a number of email and SharePoint accounts containing sensitive patient information.

Q: Which medical practices were affected by the ION breach?

The breach compromised sensitive patient information belonging to individuals receiving care at cCARE (California Cancer Associates for Research & Excellence). ION is a group of oncology and urology practices, and cCARE is one of the affected physician practices.

Q: Is there a helpline for patients affected by the ION breach?

Yes, ION has established a dedicated helpline for affected individuals, available at 855-361-0308, operating Monday through Friday between 8:00 a.m. and 8:00 p.m. Central Time, excluding major U.S. holidays. The organization encourages patients who believe their information may have been involved in the incident to contact this helpline with questions or concerns.

published: June 30, 2025

Learn More

Integrated Oncology Network (ION), a group of oncology and urology practices, is reporting a data breach that compromised sensitive patient information belonging to individuals receiving care at cCARE (California Cancer Associates for Research & Excellence).

The data breach was caused by a email phishing incident that successfully compromised ION's network security, allowing unauthorized parties to gain access to a number of email and SharePoint accounts containing sensitive patient information. The attackers had access to the data between December 13 and December 16, 2024.

Exposed data includes:

Names in combination with addresses
Dates of birth
Social Security numbers (for a small number of individuals)
Financial account information
Medical diagnoses
Laboratory test results
Medication information
Treatment information and details
Health insurance and claims information
Healthcare provider names
Dates of treatment and medical services

The number of affected individuals has not been disclosed.

ION started notifying affected oncology physician practices, including cCARE, on June 13, 2025. The organization filed an official notice with the California Attorney General on June 27, 2025, and began mailing individual breach notification letters to affected patients.

ION has established a dedicated helpline for affected individuals, available at 855-361-0308, operating Monday through Friday between 8:00 a.m. and 8:00 p.m. Central Time, excluding major U.S. holidays. The organization encourages patients who believe their information may have been involved in the incident to contact this helpline with questions or concerns.

As a precautionary measure, ION recommends that potentially affected individuals carefully review statements they receive from their healthcare providers and health insurance plans. Patients are advised to contact their provider or health plan immediately if they notice any services listed that they did not receive, as this could indicate fraudulent use of their compromised information.

Data breach at Integrated Oncology Network exposes patient information of cCARE cancer patients

Read More
Lubbock based Trustpoint Rehabilitation Hospital reports data breach
Qiulong ransomware group claims responsibility for attack on …
Nueces County Texas suffers $58,000 loss in email …
Specialty Networks radiology information systems provider reports data …
Australian Monash Health and Melbourne Polytechnic report third …