Cancer Care Center of North Florida Data Breach Affects 1,798 Patients

The Cancer Care Center of North Florida recently disclosed a significant data breach that compromised the protected health information (PHI) of 1,798 patients. This latest incident adds to the growing number of healthcare cybersecurity breaches affecting millions of Americans in 2025.

What Happened

On August 15, 2025, the Cancer Care Center of North Florida officially notified the public about a hacking incident that resulted in unauthorized access to their network server. The breach was discovered as part of a larger cybersecurity incident that affected multiple ION practices across the healthcare network.

According to the breach notification, the affected ION practices were notified between July 11, 2025, and August 6, 2025, indicating that the discovery and investigation process spanned nearly a month. The Cancer Care Center of North Florida confirmed that 1,789 of its patients were specifically impacted by this security incident.

This breach represents another example of how cybercriminals are increasingly targeting healthcare organizations, exploiting vulnerabilities in network servers to gain unauthorized access to sensitive patient information.

Who Is Affected

The breach impacted 1,798 individuals who were patients of the Cancer Care Center of North Florida. Cancer patients are particularly vulnerable populations whose medical information is highly sensitive, including:

• Treatment histories and oncology records
• Personal identifying information (names, addresses, dates of birth)
• Insurance information and billing records
• Medical provider communications
• Prescription and medication data

Given that this facility specializes in cancer care, the compromised information likely includes detailed medical histories, treatment protocols, and other sensitive health data that could be valuable to cybercriminals for identity theft or medical fraud.

Breach Details

Entity: Cancer Care Center of North Florida
Location: Florida
Entity Type: Healthcare Provider
Individuals Affected: 1,798
Breach Type: Hacking/IT Incident
Location of Breach: Network Server
Date Reported to OCR: August 15, 2025
Business Associate Involved: No

The breach occurred on the healthcare provider's network server, which typically stores vast amounts of patient data and serves as a central hub for electronic health records (EHR) systems. Network server breaches are particularly concerning because they often provide attackers with access to comprehensive patient databases.

This incident is part of a broader pattern affecting ION practices, suggesting that multiple healthcare facilities within the same network or technology infrastructure were compromised simultaneously. Such coordinated attacks often indicate sophisticated threat actors targeting healthcare technology vendors or shared systems.

What This Means for Patients

Under HIPAA regulations (45 CFR §164.404), healthcare providers must notify affected individuals of breaches involving their protected health information without unreasonable delay, and no later than 60 days after discovery. The Cancer Care Center of North Florida appears to be following these notification requirements.

For affected patients, this breach means:

• Personal health information may be in the hands of unauthorized individuals
• Risk of identity theft and medical identity theft
• Potential for insurance fraud using compromised information
• Possible phishing attempts targeting affected individuals
• Need for ongoing credit and medical record monitoring

The HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) requires that patients receive clear information about what happened, what information was involved, and what steps they should take to protect themselves.

How to Protect Yourself

If you are a patient of the Cancer Care Center of North Florida or any affected ION practice, take these immediate steps:

Monitor Your Accounts

• Review medical bills and explanation of benefits (EOB) statements for unfamiliar charges
• Check credit reports regularly for unauthorized accounts or activities
• Monitor insurance claims for services you didn't receive

Protect Your Identity

• Place fraud alerts on your credit reports with major credit bureaus
• Consider freezing your credit to prevent new accounts from being opened
• Contact your insurance provider if you notice suspicious medical claims

Stay Vigilant

• Be cautious of phishing emails claiming to be from healthcare providers
• Verify any unexpected communications by calling providers directly
• Report suspicious activity to your healthcare provider and insurance company immediately

Document Everything

• Save all breach notifications and related communications
• Keep records of any steps you take to protect yourself
• Document any suspicious activity or potential fraud

Prevention Lessons for Healthcare Providers

This breach highlights critical cybersecurity vulnerabilities that healthcare organizations must address:

Network Security

• Implement multi-factor authentication for all system access
• Deploy advanced endpoint detection and response systems
• Conduct regular vulnerability assessments and penetration testing
• Maintain network segmentation to limit breach impact

HIPAA Compliance

Under HIPAA's Security Rule (45 CFR §164.308), covered entities must:

• Conduct regular security risk assessments
• Implement administrative, physical, and technical safeguards
• Maintain access controls and user authentication procedures
• Establish incident response procedures

Staff Training

• Provide ongoing cybersecurity awareness training
• Educate employees about phishing and social engineering attacks
• Establish clear incident reporting procedures
• Regular HIPAA compliance training and updates

Business Continuity

• Develop comprehensive incident response plans
• Maintain secure data backups with regular testing
• Establish vendor risk management programs
• Create breach notification procedures that comply with HIPAA timelines

The Broader Healthcare Security Landscape

The Cancer Care Center of North Florida breach is part of a troubling trend in healthcare cybersecurity. In the first half of 2025 alone, healthcare data breaches reported to the OCR affected more than 29 million individuals. This represents a significant increase in both the frequency and scale of healthcare cyberattacks.

Healthcare organizations remain attractive targets for cybercriminals because:

• Medical records contain comprehensive personal information
• Healthcare data sells for high prices on the dark web
• Legacy systems often have security vulnerabilities
• Limited cybersecurity budgets in many healthcare organizations
• Urgent patient care needs can override security protocols

The targeting of multiple ION practices suggests that cybercriminals are increasingly focusing on healthcare networks and shared infrastructure, which can provide access to multiple organizations through a single breach point.

Moving Forward

For patients affected by this breach, the immediate priority is protecting personal information and monitoring for signs of fraud. Healthcare organizations must view this incident as a reminder of the critical importance of robust cybersecurity measures and HIPAA compliance.

The healthcare industry must continue investing in advanced security technologies, staff training, and incident response capabilities to protect patient information and maintain the trust that is essential to quality healthcare delivery.

Learn how HIPAA Agent can help protect your practice.