A sophisticated phishing attack has compromised sensitive patient data across several oncology practices affiliated with Integrated Oncology Network.
A phishing attack has impacted several cancer care providers within the Integrated Oncology Network (ION), resulting in unauthorized access to employee email and SharePoint accounts. According to breach notifications issued by the affected entities, the incident occurred over a three-day period between December 13 and December 16, 2024.
The compromised accounts contained protected health information, including patient names, addresses, dates of birth, Social Security numbers, diagnoses, lab results, medications, and financial account information. ION confirmed that the attackers gained access through a targeted phishing campaign that also reached internal collaboration tools like SharePoint.
ION responded quickly by securing affected accounts and launching a forensic investigation to assess the scope of the breach. The investigation concluded that while data was exposed, there was no current evidence of misuse. Nonetheless, affected individuals are being offered complimentary credit monitoring, dark web monitoring, and identity restoration services.
ION sent breach notifications to impacted oncology practices on June 13, 2025, and began mailing letters to affected patients on June 27. Workforce members have also received updated cybersecurity training to reduce future risks.
Reports of the incident are now appearing on the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) breach portal. The full list of impacted entities so far includes:
ION stated that the phishing campaign was likely intended to carry out further fraud schemes using the compromised employee accounts. Although SharePoint access was also involved, the intent appeared to focus on email-based data harvesting. The organization stated that additional training has since been implemented and that security protocols are being reviewed.
The incident reflects ongoing phishing risks facing healthcare providers, particularly through email systems and collaborative platforms used in day-to-day operations. Although no misuse of data has been confirmed, the number of affected individuals across several practices points to the potential scale of impact when access controls or user awareness fall short.
Healthcare systems store a wide range of valuable personal, financial, and medical information, making them attractive targets for phishing campaigns aimed at identity theft or insurance fraud.
SharePoint is a Microsoft tool used for document sharing and collaboration. Unauthorized access could expose internal documents or workflows that may include sensitive health or operational data.
Patients should take advantage of the credit and identity monitoring services offered, change any reused passwords, and remain alert to suspicious financial or healthcare activity.
While no system is immune, phishing risks can be reduced through regular staff training, multi-factor authentication, and email filtering tools that detect suspicious messages.
Yes. When a parent organization like ION experiences a coordinated attack affecting shared systems or platforms, multiple affiliated practices may be impacted and are required to report breaches individually.