On March 4, 2016 21st Century Oncology Holdings, Inc. released a press statement announcing that the company was investigating a cyber attack by an unauthorized third party into its network systems. The statement went on to outline the details of the attack and how they became aware of the data security breach and is as follows.
According to 21st the FBI contacted the company on November 13, 2015 to alert them to the fact that highly sensitive personal data was illegally obtained by a third party who had gained access to the 21st Century database systems. According to the FBI’s investigation the cyber breach likely occurred on October 3, 2015 and contained some of 21st Century’s patient information such as names, social security numbers, insurance information, physicians, and diagnoses and treatment plans.
21st Century asserts that the FBI requested that they delay notifying the public of the cyber breach until today (March 4, 2016) in order for the FBI to be able to conduct its investigation. Now that the FBI has given the go ahead 21st Century is allowed to notify those who may have been affected and is doing so as fast as is possible.
Century stated that they were conducting their own internal investigation and continues to work with the FBI on the cyber breach matter. Purportedly there are no indications that patient information that was illegally obtained has been misused thus far. However, in an effort to reduce future risk to its customers Century is offering one free year of identity theft protection to its customers who may have had their information stolen in the 21st Century cyber breach.
The press release concluded with the company’s assurances that they remain committed to securely maintaining and protecting their patient’s privacy and personal information, offering consumer help call center number and information and a link to a 21st Century website for assistance or questions.
UPDATE: Since the 21st Century breach announcement there have been 4 class-action lawsuits have been filed in the U.S. District Court against 21st Century Oncology for failure to adequately protect patient information.
The suit alleges that this was not the first breach at 21st Century Oncology, according to the Bradenton News’ investigative reporting. Additionally the company settled 2 other criminal lawsuits one for $19.7 million based on fraudulent billing to federal healthcare programs for medically unnecessary laboratory testing and another for $34.7 million to settle a Medicare fraud suit. Both of those lawsuits were due to whistleblower information to federal authorities.