Data Security Incident

Highlands Oncology Group PA (“Highlands Oncology”) recently discovered a data incident that may have involved certain individuals’ personal information. On September 26, 2023, Highlands Oncology discovered that it was the victim of a cyber-attack. Upon learning of the incident, Highlands Oncology promptly began an investigation, notified law enforcement, and worked to secure its systems. Highlands Oncology also engaged a forensic security firm to assist with its investigation and confirm the security of our computer systems. The forensic investigation determined that an unknown, unauthorized third party accessed Highlands Oncology’s computer systems between September 25, 2023, and September 26, 2023, and encrypted some of its computer files. The investigation also determined that the third party may have accessed and acquired certain files from Highlands Oncology’s systems during this period.

Highlands Oncology reviewed the contents of the potentially acquired files to determine if they contained any personal information. On November 27, 2023, Highlands Oncology completed its review and determined that the files contained personal information including, depending on the individual, their name, date of birth, Social Security number, driver’s license/state ID number, passport number, military ID number, financial account number, credit/debit card number with and without expiration date and security code, health insurance information, and clinical information, such as diagnosis/conditions, lab results, and prescription information.

Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. Although Highlands Oncology has no evidence that any information may have been misused as a result of this incident, as described in those letters, Highlands Oncology has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license/state ID numbers were involved in the incident. As a precautionary measure, individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Notified individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Notified individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

Highlands Oncology is committed to maintaining the privacy and security of the information entrusted to it. Highlands Oncology has taken, and is taking, additional steps to help reduce the likelihood of a similar event from happening in the future, including enhancing its technical security measures. Individuals seeking additional information may call a confidential, toll-free inquiry line at 888-723-0529 from 8:00 AM to 8:00 PM Central, Monday through Friday, excluding major U.S. holidays.