Analecta Cyber Company Blog: Security Breach at 21st Century Oncology Should Be Seen As A Warning

2016-03-21

Security Breach at 21st Century Oncology Should Be Seen As A Warning

21st Century Oncology is one of the leading providers of cancer care services and is recognized as the largest provider of oncology radiation. It is also considered one of the largest groups of urologists in the United States. For more than three decades, their facilities have provided state-of-the-art radiation therapy and other cancer treatments while focusing on continuous innovation.

Despite all of these efforts, 21st Century Oncology Holdings recently suffered a network breach. One of the company’s databases may have been compromised. The database contained personal information for approximately 2.2 million patients, including names, Social Security numbers and insurance data. The patients’ physicians, diagnoses and treatment were also compromised. The affected facilities amount to 145 cancer treatment centers in the United States and 36 in Latin America operated by Fort Myers, Florida-based 21st Century Oncology.

FBI Involvement

The FBI notified the radiation oncology provider of the breach last November. The FBI advised the company not to publicly disclose any information so that their investigations wouldn’t be affected. Investigations determined that the actual attack happened in early October when attackers accessed the database.

21st Century Oncology stated that health care records were not compromised though that information was most likely the attacker's target. Authorities said patient’s records can sell for more than 50 times the amount of credit card numbers on the black market. That is the main reason why cyber-criminals specifically set hospitals and medical facilities as their primary target.

Even though the facility utilizes numerous state-of-the-art equipment for patient treatment, they do not have the necessary system and infrastructure that could overcome new cyber threats.

This case of network breach demonstrates a new trend in healthcare and medical hacking that now extends even to the technologically advanced nursing facilities like X-ray and MRI centers, surgical centers, cancer treatment facilities, dialysis centers, diagnostic labs and others.

This also shows that even large healthcare networks spanning numerous areas remain under constant and sophisticated attacks. And these sophisticated attackers continue to evolve more advanced and continuously beat cybersecurity defenses and IT security groups. This should signal that IT security providers need to exert more effort to keep up with the new and evolving threats.