DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

21st Century Oncology employee stole patient information for tax refund fraud scheme – feds

Posted on September 24, 2013 by Dissent

Here’s one we may not see on HHS’s public breach list, depending on how many patients were involved.

21st Century Oncology Services, an affiliate of Peninsula Cancer Care Center and 21st Century Oncology of Maryland,  notified the Maryland Attorney General in July that they had been informed by federal law enforcement of an insider breach allegedly linked to a tax refund fraud scheme.

According to their letter, they were notified on May 15 that an employee was being criminally charged for having improperly accessed the protected health information of an unspecified number of their patients.  The data were allegedly provided to a third party who used the names, Social Security numbers, and dates of birth for tax refund fraud.

21st Century Oncology Services reported that based on the federal indictment,  they believe that the improper access occurred between October 11, 2011 and August 8, 2012.  At the time of their July 10 letter, they had not concluded their own internal investigation into how the employee was able to access the information. I have not been able to find any statements on their web site or Peninsula Cancer Care Center’s site providing information on the breach, and 21st Century Oncology did not respond to an e-mail request from PHIprivacy.net for additional details.

Affected patients were offered a free year of credit monitoring.

Now what was I saying about the insider threat in the healthcare sector being under-included in many research analyses and surveys? This is just another example of breaches we generally do not find out about unless journalists like myself start digging through public records or requesting information under Freedom of Information.

Related posts:

  • 21st Century Oncology Notifies Patients of Data Security Incident
  • 21st Century Oncology settlement with HHS over 2015 data breach came with a $2.3 million price tag
  • Preliminary settlement approved in 21st Century Oncology 2015 breach case
  • Choice Cancer Care Treatment Center notifies patients of May data security incident
Category: Health Data

Post navigation

← The DEA Thinks You Have “No Constitutionally Protected Privacy Interest” in Your Confidential Prescription Records
Breach notifications: what really happened vs. what they tell us →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.