DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cancer Treatment Centers of America in Atlanta discloses three phishing incidents in 6 months

Posted on October 7, 2019 by Dissent

The Cancer Treatment Centers of America (CTCA) has had its name cross my desk a lot this past year. And that’s not a good thing. There have been five Cancer Treatment Centers of America breach notices that have been publicly disclosed since November 2018. Three of them involved the Southeastern Regional Medical Center in Atlanta, Georgia.

In November 2018, CTCA at Western Regional Medical Center in Phoenix, Arizona notified HHS that 41,948 patients were potentially affected by a phishing incident that occurred in May 2018.

In May 2019, CTCA at Southeastern Regional Medical Center in Georgia notified HHS that 16,819 patients were being notified of a phishing incident that occurred in March 2019.

Two months later, CTCA at Eastern Regional Medical Center in Philadelphia, Pennsylvania notified HHS that 3,904 patients were being notified of a phishing incident that occurred in May. And on the same day, Southeastern Regional Medical Center in Atlanta also notified HHS of yet another phishing incident that they had experienced. This one reportedly impacted 4,559 patients.

On September 27, two months after their second report, CTCA at Southeastern Regional Medical Center notified HHS of yet a third incident involving phishing. This one potentially impacted 4,559 patients.

Breach notification link on home page of CTCA Atlanta.
CTCA’s home page for Atlanta’s hospital shows links to two breach notices. Can the third be far behind?

Not seeing the third breach listed on their web site, DataBreaches.net reached out to CTCA at Southeastern Regional Medical Center to confirm that the third incident really was a new incident and not just a revision of one of their earlier reports. This site also asked the somewhat obvious question as to what CTCA was going to do to prevent these recurring breaches involving phishing.

Abigail Obre, National Manager, External Affairs & Communications for CTCA sent the following statement to DataBreaches.net:

Two employees at CTCA Atlanta recently fell victim to sophisticated phishing attacks that may have involved certain personal information about some of our patients. Upon learning of this suspicious activity, we immediately took measures to curtail the suspected access, promptly opened investigations and retained a nationally recognized forensics firm to assist us. No patient Social Security numbers or financial information were involved. We take our responsibility to safeguard personal information seriously and remain committed to protecting patient privacy and security. We have implemented enhanced controls and heightened our security training programing (sic) to help ensure this does not happen in the future.

I would be surprised if any of my readers actually believed that providing more security training to help prevent phishing attacks is likely to ensure that they do not happen again. So what kinds of enhanced controls is CTCA implementing? They wouldn’t say, stating that

We do not believe providing information about specific enhancements or controls we’ve implemented would be in the best interests of patient privacy.

Well, I can certainly understand not wanting to publicly identify all your security measures, but after three breaches in six months, I think more information might be in order if you want to reassure patients that you’ve got things under control.

And will HHS OCR have anything to say about three incidents in six months? It would seem that they might, but maybe they have different priorities.

Related posts:

  • Cancer Treatment Centers of America Notifies Almost 42,000 Patients of Possible Access to Their Protected Health Information
  • Updating: CaptureRx incident impacted more than 2.4 million. List of Entities.
  • Victims of W-2 phishing scams (2017 list)
Category: Breach IncidentsHealth DataPhishingU.S.

Post navigation

← NE: CHI Health says ransomware incident may have exposed info of patients at Lakeside Hospital’s orthopedic clinic
Public dataset to help researchers predict malicious activity →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.