Cancer Treatment Centers of America alerts 3,904 patients of data breach

Exploit: Phishing attack
Cancer Treatment Centers of America: National, for-profit network of cancer care, research, and outpatient care centers

Risk to Small Business: 1.888 = Severe: On June 6th, the Cancer Treatment Centers of America detected unauthorized email account access at its Philadelphia-based medical center. The account was compromised when an employee fell for a phishing scam in early May, meaning that intruders had access to patient data for more than a month before it was detected. As a result, the company will face enhanced regulatory scrutiny even as they grapple with the technological and public relations implications associated with a data breach.

Individual Risk: 2.142 = Severe: A single phishing scam compromised the personally identifiable information for thousands of patients. This includes their names, addresses, phone numbers, dates of birth, medical record numbers, and other patient-related information. Those impacted by the breach should monitor their accounts for unauthorized access, and they should consider identity or credit monitoring services to help ensure the long-term integrity of their data.

Customers Impacted: 3,904
How it Could Affect Your Customers’ Business: Personally identifiable information can quickly make its way to the Dark Web, and every organization needs a plan for protecting that information in the event of a data breach. At the same time, providing supportive services, like credit or identity monitoring, is a good first step toward repairing the damage and restoring customer confidence in your organization.

Risk Levels:

1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.