Highlands Oncology Data Breach Exposes Sensitive Patient Information
What Happened?
Highlands Oncology detected suspicious activity in its network on June 2, 2025, when certain files and systems became suddenly inaccessible. The organization immediately launched an internal investigation, engaged a top-tier forensic cybersecurity firm, and alerted law enforcement.
The investigation determined that unauthorized access occurred between January 21 and June 2, 2025. During this time, the threat actor infiltrated Highlands’ systems, encrypted some files, and may have accessed or exfiltrated personal data stored on the network.
What Information was taken?
Based on the forensic analysis, the compromised files may have included highly sensitive personal information, which could vary for each affected individual. The data potentially exposed in this breach includes:
Full name
Date of birth
Social Security number (SSN)
Driver’s license or state ID number
Passport number
Credit or debit card number
Financial account details
Medical treatment or diagnosis information
Medical record number
Patient account number
Health insurance policy details
Highlands has confirmed that notification letters were mailed on August 1, 2025, to individuals whose information was involved and for whom the organization had a valid mailing address.
What Highlands Oncology Is Doing
Highlands responded swiftly to contain the breach and bolster its cybersecurity defenses. In addition to removing unauthorized access and restoring systems, the organization has taken the following steps:
Enhanced technical safeguards across its network
Partnered with law enforcement and cybersecurity experts
Offered free credit monitoring and identity protection services to affected individuals
What You Can Do to Protect Yourself
In addition to enrolling in the free credit monitoring, Highlands strongly encourages all affected individuals to take the following steps to safeguard their personal information:
Monitor Your Credit Reports
Visit www.annualcreditreport.com or call 1-877-322-8228 to obtain free weekly credit reports from all three major bureaus.Review Financial Statements
Check your bank, credit card, and insurance statements for unusual or unauthorized activity. Report any suspicious charges right away.Place Fraud Alerts or Credit Freezes
You can contact one of the national credit bureaus to place a fraud alert or credit freeze, which makes it harder for identity thieves to open accounts in your name.Report Identity Theft
If you suspect you’re a victim of identity theft, file a report with your local police department and contact the Federal Trade Commission (FTC) at www.ftc.gov/idtheft or 1-877-ID-THEFT (1-877-438-4338).
Contact Information for Credit Bureaus
Equifax: www.equifax.com | 1-866-349-5191 | P.O. Box 740241, Atlanta, GA 30374
Experian: www.experian.com | 1-888-397-3742 | P.O. Box 2002, Allen, TX 75013
TransUnion: www.transunion.com | 1-800-888-4213 | P.O. Box 2000, Chester, PA 19016
Legal Help?
Have you recieved the data breach letter from Highland Oncology?
Data breach lawyers can help you understand your rights and potential compensation options. You may be eligible to join a class action lawsuit to recover damages for financial losses, emotional distress, and other repercussions.