SkinCure Oncology Email Account Breach

By Daniel Lopez

SkinCure Oncology in Burr Ridge, IL has notified 13,434 individuals about an email attack that happened in June 2023. The provider has sent personal notifications to patients whose protected health information (PHI) was compromised in the email breach. According to the substitute breach notice, the investigation confirmed that an unauthorized third party accessed several email accounts from June 23 to June 25, 2023.

When SkinCure Oncology discovered the unauthorized access to its email accounts, the provider immediately secured those accounts and started an investigation. The investigation confirmed the unauthorized access and the breach of some patient records contained in the affected accounts. As a safety precaution, SkinCure Oncology analyzed the breached email accounts. On December 6, 2023, it was confirmed that the compromised email accounts included some personal patient data. The types of data that could have been exposed included names, birth dates, medical record numbers, medical backgrounds, and medical insurance data. For some individuals, driver’s license numbers, Social Security numbers, and credit card and financial account data were also exposed.

SkinCure Oncology worked with its medical partners to identify the addresses of affected individuals and notify them as soon as possible. Individual notifications were delayed because it took SkinCure Oncology longer to track down updated address information. The substitute breach notice did not say whether the practice offered free credit monitoring and identity theft protection services.

Starting on June 28, 2024, SkinCure Oncology mailed notification letters to the people whose data was affected by the incident. In line with HIPAA, SkinCure Oncology is committed to protecting the privacy of data entrusted to it and apologizes for the trouble caused by this incident.

Affected individuals should read the mailed notification to learn the steps they can take to protect themselves. As a protective measure, individuals should stay alert for possible fraud and/or identity theft. They should review their account statements and check their credit reports carefully. If they find suspicious transactions on an account, they must immediately inform the financial company about the fraudulent activity or identity theft and report it to the appropriate law enforcement body, including the police and their state’s attorney general. The Federal Trade Commission (“FTC”) also offers tips on fraud alerts, security/credit freezes, and avoiding identity theft.

Those who need more details about this incident may visit www.ftc.gov/idtheft or call the FTC at 1-877-ID-THEFT (1-877-438-4338). A toll-free inquiry line, (866) 528-8844, is also available for support from 8:00 AM to 5:30 PM CST, Monday to Friday.

Photo credits: SkinCure Oncology / AdobeStock


Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years of experience as a HIPAA coach. Daniel provides his HIPAA expertise to several publications, including Healthcare IT Journal and The HIPAA Guide. Daniel studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X: https://twitter.com/DanielLHIPAA