City of Hope, a renowned non-profit clinical research and cancer treatment center in Duarte, California, has disclosed a significant cyberattack impacting the personal and protected health information of 827,149 individuals. The breach was detected on October 13, 2023, prompting immediate action to secure systems and initiate forensic investigations to determine the extent of the incident. Working alongside a third-party cybersecurity firm, City of Hope confirmed unauthorized access to systems between September 19, 2023, and October 12, 2023, with copies of certain files exfiltrated during this period.
The delay in issuing notifications stemmed from the comprehensive review needed to assess the compromised systems and identify the breadth of the data breach. Investigations are ongoing, but City of Hope has affirmed that the compromised files contained a range of personal and protected health information, including names, contact details, Social Security numbers, and medical records. Understanding the severity of the breach, City of Hope swiftly implemented additional security measures and enlisted a leading cybersecurity firm to bolster network, system, and data protection.
Affected individuals, primarily located in California, are being informed via mail about the breach and offered two years of complimentary credit monitoring and identity theft protection services. As City of Hope prioritizes transparency and support for those impacted, efforts are underway to mitigate potential harm and reassure individuals about the security of their information moving forward. This cyberattack underscores the persistent threat faced by organizations handling sensitive data and emphasizes the critical importance of robust cybersecurity measures and prompt incident response strategies in safeguarding individuals’ privacy and security.
