Threat Actor: Unknown
Victim: City of Hope
Key Points:
* City of Hope, a renowned cancer research and treatment center, suffered a data breach.
* The breach impacted over 827,000 individuals.
* Personal and health information of the victims was compromised.
* The compromised information included names, contact information, social security numbers, financial details, medical records, and unique identifiers.
* The breach occurred between July 7, 2023, and October 15, 2023, and was discovered on March 25, 2024.
* City of Hope immediately implemented mitigation measures upon discovering the breach.
* Law enforcement was notified, and an investigation was launched with the assistance of a cyber security firm.
* The threat actors accessed a subset of the organization’s systems and obtained copies of some files.
* While there is no indication of identity theft or fraud resulting from the breach, social security numbers were compromised.
* City of Hope is offering two years of complimentary credit monitoring services to the impacted individuals.
* The monitoring services include credit monitoring, fraud consultation, and identity theft restoration.
City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized for its comprehensive cancer care, innovative research, and compassionate patient support services.
City of Hope suffered a data breach, the organization started notifying 827149 individuals that their personal and health information was compromised.
“While the investigation remains ongoing, the impacted personal information identified thus far varies by individual but may have included name, contact information (e.g., email address, phone number), date of birth, social security number, driver’s license or other government identification, financial details (e.g., bank account number and/or credit card details), health insurance information, medical records and information about medical history and/or associated conditions, and/or unique identifiers to associate individuals with City of Hope (e.g., medical record number).” reads the notice of incident published by the cancer research on its website.
According to the notification letter sent to the impacted individuals, the security breach occurred between July 7, 2023 and October 15, 2023 and was discovered on March 25, 2024. Upon discovery of the security breach the organizations immediately instituted mitigation measures.
The organization notified law enforcement and launched an investigation with the help of a leading cyber security firm. The company determined that threat actors accessed a subset of its systems and obtained copies of some files.
“While there is no indication of any identity theft or fraud occurring as a result of this incident. City of Hope determined that the affected personal information included social security numbers. The investigation remains ongoing.” reads the notification letter.
City of Hope is offering to the impacted individuals two years of complimentary credit monitoring services through Kroll. This identity theft monitoring includes credit monitoring, fraud consultation, and identity theft restoration.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Original Source: https://securityaffairs.com/161481/data-breach/city-of-hope-data-breach.html