Cancer Research Facility Reports Massive Data Breach

City of Hope, a major cancer hospital and research institution based in Duarte, Calif., recently reported that data belonging to more than 820,000 of its patients has been compromised.

The breach was discovered in October 2023, according to a memo posted last week on the City of Hope Web site, though a subsequent investigation found that the data compromise spanned nearly a month before it came to anyone's notice.

"On or about October 13, 2023, City of Hope became aware of suspicious activity on a subset of its systems and immediately instituted mitigation measures to minimize any disruption to its operations," the memo said. "City of Hope launched an investigation into the nature and scope of the incident with the assistance of a leading cybersecurity firm, which determined that an unauthorized third party accessed a subset of our systems and obtained copies of some files between September 19, 2023 and October 12, 2023."

City of Hope did not say how many people were affected, but a breach notification posted on the Maine attorney general's office puts the total number at 827,149. Oddly, this notification suggests the breach occurred between July 7, 2023 and Oct. 15, 2023, which is much longer than the window indicated in City of Hope's memo.

The compromised data includes individuals' financial information, as well as patients' health records. City of Hope provides this list:

  • Name
  • Contact information (e.g. , email address, phone number)
  • Date of birth
  • Social Security number
  • Driver's license or other government identification
  • Financial details (e.g. , bank account number and/or credit card details)
  • Health insurance information
  • Medical records and information about medical history and/or associated conditions
  • Unique identifiers to associate individuals with City of Hope (e.g., medical record number)

"Upon discovery of this incident, City of Hope immediately instituted mitigation measures," according to the memo. "We then promptly implemented additional and enhanced safeguards and enlisted the support of a leading cybersecurity firm to enhance the security of our network, systems, and data."

City of Hope has also notified the affected individuals, as well as regulators and law enforcement. So far, it hasn't detected any scams using the compromised data. However, it is offering affected individuals free identity monitoring services through 2026.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Must Read Articles

Welcome to, the new site for healthcare IT Pros looking for insights on cloud and other cutting-edge IT tech.
Sign up now for our newsletter and don’t miss out! Sign Up Today