City of Hope, a renowned National Cancer Institute (NCI)-designated comprehensive cancer center based in Duarte, California, has found itself at the center of a significant data breach. The City of Hope data breach, spanning from September 19 to October 12, 2023, has impacted a staggering number of individuals, with over 800,000 people falling victim to the breach.
The incident came to light through a notification letter sent out by the City of Hope to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office. While some recipients were notified in December 2023, it wasn’t until late March 2024 that the full extent of the City of Hope data breach was realized.
In a bid to maintain transparency and uphold its commitment to patient care and data security, City of Hope took to its website on April 2 to post an incident notice, reiterating the details outlined in the notification letter.
The center’s statement acknowledges the unauthorized access by third parties to certain systems and the copying of files, some of which may have contained sensitive personal data.
Although there is no evidence of identity theft or fraud stemming from the breach, the City of Hope is keen to inform individuals about the incident and the subsequent steps taken to address it.
“This notice concerns an incident involving unauthorized third-party access to some of City of Hope’s systems and copying of files, including some that may have contained personal information. While there is no indication of any identity theft or fraud occurring as a result of this incident, we want to let you know what happened, and the steps that we have taken in response,” reads the official press statement.
City of Hope Data Breach: In Detail
City of Hope became aware of suspicious activity on a subset of its systems around October 13, 2023. Immediate measures were taken to mitigate the impact, including launching an investigation with the assistance of a leading cybersecurity firm. The investigation revealed that unauthorized third parties had gained access to systems between September 19 and October 12, 2023, and had obtained copies of certain files.
“City of Hope launched an investigation into the nature and scope of the incident with the assistance of a leading cybersecurity firm, which determined that an unauthorized third party accessed a subset of our systems and obtained copies of some files between September 19, 2023 and October 12, 2023. City of Hope has undertaken a detailed review of the files to determine the incident’s impact and has determined that some of these files may have contained personal information,” reads the Official statement.
While the investigation is ongoing, the personal information compromised in the breach varies by individual but may include names, contact details (such as email addresses and phone numbers), dates of birth, social security numbers, driver’s license or other government identification, financial information (such as bank account or credit card details), health insurance details, medical records, information about medical history and associated conditions, and unique identifiers linking individuals with City of Hope, such as medical record numbers.
What City of Hope is Doing to Combat Breach
Upon discovering the breach, the City of Hope promptly implemented mitigation measures and enhanced its security protocols with the assistance of cybersecurity experts. Additionally, the center initiated a thorough investigation, identified affected individuals, notified regulatory bodies, and reported the incident to law enforcement agencies.
To support affected individuals, City of Hope is offering identity monitoring services for two years, free of charge. This cybersecurity measure aims to provide reassurance and assistance to those whose personal information may have been compromised.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
