In March 2015, the US cancer care provider announced that a data breach had exposed 2.2 million patients' data based across all 50 states and internationally.
The company said that hackers broke into a company database in October 2014 and accessed the personal information of patients, including names, Social Security numbers, physician names, diagnosis, treatment data and insurance information. The company said it had "no indication that the information has been misused in any way".
The company filed for bankruptcy in May of 2017.
In December 2017, the company agreed to a $2.3 million fine, issued by the HHS’ Office for Civil Rights, which was covered by their cyber insurance cover.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions