Highlands Oncology Group hit by ransomware attack affecting over 113,000 patients

Highlands Oncology Group, an Arkansas-based cancer treatment center, is reporting a ransomware attack that compromised the personal and medical information of 113,575 patients. 

The incident was discovered on June 2, 2025 and was claimed by the Medusa ransomware group. The investigation concluded that unauthorized access had occurred between January 21, 2025, and June 2, 2025

On June 19, 2025, Medusa added Highlands to its dark web leak site with a ransom demand of $700,000 to either delete the stolen data or provide it for download.

The exposed data types have not been disclosed. Highlands Oncology Group confirmed that 113,575 individuals were affected. Based on the the organization industry, the breach likely involved protected health information (PHI) commonly maintained by oncology practices.