SkinCure Oncology, based in Burr Ridge, Illinois, has notified 13,434 patients about a data breach involving their protected health information. The breach occurred between June 23 and June 25, 2023, when multiple email accounts were accessed by an unauthorized third party. It took several months of investigation to determine that sensitive information, including names, birth dates, medical records, and health insurance information, had been compromised in the attack.
A comprehensive review of the affected email accounts revealed that, in some cases, more personal data had been exposed, such as Social Security numbers, driver’s license numbers, financial account information, and credit card details. SkinCure Oncology confirmed that the information was likely viewed and potentially obtained by the attacker. However, the extent of the exposure varied between individuals, adding complexity to the notification process.
One of the reasons for the delay in notifying affected patients was the time it took to locate accurate and up-to-date address information. SkinCure Oncology and its practice partners worked to ensure that the individual notifications reached the correct recipients. The breach was first confirmed in December 2023, and efforts were made to notify those affected as soon as possible afterward.
Although SkinCure Oncology has advised patients to be vigilant against identity theft and fraud, the company has not offered complimentary credit monitoring or identity theft protection services. Patients with concerns can reach out to SkinCure Oncology’s helpline for further information. The helpline is available Monday to Friday during business hours to assist those who may need guidance or reassurance following the breach.