On July 10, 2025, Integrated Oncology Network (ION) publicly disclosed a significant data breach that affected numerous affiliated cancer care providers and compromised the sensitive personal and medical information of thousands of patients.
The breach was linked to an email phishing incident that allowed unauthorized access to ION systems. According to ION's official breach notice, the exposed data includes individuals’ names, dates of birth, home addresses, financial account details, Social Security Numbers (for a limited number of patients), health insurance and claims information, provider names, and detailed medical data such as diagnoses, lab results, prescribed medications, and treatment history.
The impacted entities span a wide network of cancer care and imaging centers, including California Cancer Associates for Research and Excellence (San Diego, Fresno, and High Desert locations); Lake City Cancer Care, LLC; Rocky Mountain Oncology Care; Radiation Oncology Network of Southern California, LLC; PET Imaging centers in Tulsa, Sugar Land, Dallas Northeast, and The Woodlands; and others such as South Georgia Center for Cancer Care, Mojave Radiation Oncology Medical Group, and Bardmoor Cancer Center.
According to Lynch Carpenter's notice of investigation, “Integrated Oncology Network (‘ION’) recently announced a data breach, which impacted multiple cancer care providers and compromised the personal information of thousands of individuals.”
A data breach occurs when sensitive, confidential, or protected information is accessed, disclosed, or stolen by unauthorized individuals.
Data breaches can result from cyberattacks (like phishing, ransomware, or hacking), lost or stolen devices, insider misuse, or inadequate security systems.
Medical records contain detailed, unchangeable personal data that criminals can use for identity theft, medical fraud, blackmail, or resale on the dark web. Unlike passwords, health data cannot be reset.