Phishing attack affects several US cancer centers

Healthcare organizations are often targets for cyberattacks, mainly because they typically lack robust cybersecurity measures. The sensitive data they hold is incredibly valuable, and they are often willing to pay significant amounts to regain access after a breach. Recently, several cancer centers across the United States have fallen victim to such attacks.

The coordinated phishing campaigns have compromised sensitive patient information at several cancer treatment centers linked to the Integrated Oncology Network (ION), which is based in Tennessee.

Key Facts About the Cancer Treatment Breach

From December 13 to 16, 2024, attackers accessed employee emails and SharePoint accounts, as reported to state regulators and the U.S. Department of Health and Human Services.

These breaches exposed protected health information, including names, addresses, birth dates, diagnoses, lab results, treatment histories, insurance details, and in some instances, Social Security numbers and financial information. Although ION claims there’s no current evidence of misuse, they are offering free credit monitoring, dark web surveillance, and identity theft protection for those affected.

A notification about the breach was sent to the impacted practices on June 13, 2025, with patient letters beginning to be mailed out on June 27.

Investigators suggest that these phishing attempts may be designed to gather data for more extensive fraud schemes. While SharePoint access was also compromised, email data collection seems to be the primary goal. ION has since enhanced its cybersecurity protocols and provided more training for its staff.

Practices Affected by the Breach

So far, at least 11 practices have reported breaches. Here are some of the most impacted:

  • Rocky Mountain Oncology Care: 10,268 individuals
  • E+ Oncology Louisiana, LLC: 8,270
  • California Cancer Associates – Fresno: 7,670
  • Mojave Radiation Oncology Medical Group: 4,403
  • South Georgia Center for Cancer Treatment: 4,108
  • PET Imaging in Tulsa: 3,159
  • Acadiana Radiation Therapy, LLC: 2,219
  • Dallas Northeast PET Imaging: 1,935

Additional affected practices include imaging and radiation centers in Texas, Louisiana, and North Florida, bringing the total to over 130,000 affected individuals. Such breaches are recorded by the HHS Office for Civil Rights, which keeps track of healthcare data exposures affecting more than 500 people.

How to Protect Yourself After the Cancer Treatment Breach

The recent phishing incidents involving ION-related cancer centers have compromised sensitive patient information like contact details and medical records. To reduce your risk, whether or not you’re directly affected, consider these actions:

1) Avoid Clicking on Suspicious Links

These data breaches have given attackers access to contact details. It’s best not to click on links in unexpected emails or messages, even if they appear to be legitimate. Installing robust antivirus software on all your devices is essential for protecting against malware and phishing attempts.

2) Consider Using a Personal Data Removal Service

Your contact information may have been exposed in the ION breach, making you more susceptible to spam and scams. You might want to look into a data deletion service that can scrub your personal information from data broker websites.

3) Use Unique Passwords Across All Accounts

Reusing passwords heightens your risk: if one password is compromised, it could lead to multiple accounts being hacked. Use a password manager to help create and securely store different passwords.

4) Sign Up for Identity Theft Protection Services

While ION offers free identity theft and credit monitoring for those affected, it’s wise for everyone to protect themselves. Such services can notify you of unusual activity and assist in recovering stolen identities.

5) Enable Two-Factor Authentication (2FA)

Adding 2FA can serve as an extra layer of protection, making it significantly harder for attackers to gain access, even if they have your password.

6) Monitor Your Financial Accounts

Stay vigilant for unusual charges or unfamiliar accounts. Set alerts through your bank and review your credit reports regularly to catch any fraud early on.

Conclusion

Phishing attacks represent a major threat to healthcare data security, often exploiting weaknesses in email security and employee training. While ION responded quickly to mitigate the breach, the incident underscores how a single phishing campaign can impact thousands of patient records across various locations. It raises an important question: Are healthcare providers doing enough to safeguard patient information?
