2.2 Million SSNs Exposed in Hack Targeting Cancer Patients


What happened?

The identities of 2.2 million current and former patients of 21st Century Oncology are now at risk of medical and financial identity theft following a massive hack of the company’s database.

On March 4, 21st Century Oncology, which operates 145 cancer treatment clinics in the U.S., publicly disclosed the cyber attack in an official filing to the Securities and Exchange Commission.

The company was notified of the data breach by the FBI five months prior but is only just now announcing the attack as to not impede on the FBI’s criminal investigation.

Exposed patient information includes names, Social Security numbers, physician names, diagnoses and treatment and insurance information. These pieces of information can be used to commit identity theft or obtain medical care, drugs or benefits under a false alias — medical identity theft.

Medical identity theft is the fastest growing form of identity theft — in 2013 it accounted for 43 percent of all identity theft incidents. On average, victims spend 200 hours and $13,450 in out-of-pocket expenses to resolve medical identity theft.

It is important to note that 21st Century Oncology employs numerous physicians across the country. If you visited any of the impacted medical practices, even if they were not located at a dedicated 21st Century Oncology facility, your information may have been compromised in this attack.

This disclosure comes two days prior to 21st Century Oncology’s $35 million settlement for Medicare fraud. The company was found guilty of billing Medicare and Tricare patients for unnecessary medical tests between 2009 and 2015, including those performed by staff not trained to conduct them.

21st Century Oncology is continuing to cooperate with the FBI investigation and has contacted an outside cybersecurity firm for additional assistance.

What should you do?

Due to the sensitive nature of the information that has been exposed, current and former 21st Century Oncology patients should be vigilant about minimizing their risks, including taking the following actions:

  • Check your credit report
    Exposed Social Security numbers may be used to open new lines of credit in your name. Catch identity theft early by reviewing your credit report for unfamiliar accounts. You are entitled to a free annual credit report at AnnualCreditReport.com.
  • Consider a credit freeze
    A credit freeze locks your credit file from potential creditors so new lines of credit cannot be opened in your name. To enact a credit freeze, you must contact each of the three major credit monitoring bureaus (Experian, Equifax and TransUnion).
  • File your taxes early
    The information exposed in this breach may be used to facilitate tax identity theft. File your taxes early to avoid having a thief get your tax refund first.
  • Search for your physician
    Due to 21st Century Oncology’s extensive network, it is vital you utilize their Physician Finder tool to see if your provider is under their umbrella. If so, please contact 21st Century Oncology directly to discuss whether your information was compromised. 
  • Watch for phishing attempts via phone or email
    In previous healthcare breaches, phishing attacks were the most common threat consumers faced. Learn how to spot a phishing scam.
  • Review your Explanation of Benefits
    Your Explanation of Benefits (EOB) will outline all of the procedures and prescriptions you’ve recently received and will be the best indicator of medical identity theft. If someone fraudulently seeks care, drugs or benefits using your information, it will appear on this form.
  • Enroll in complimentary identity protection
    21st Century Oncology is offering impacted individuals one year of free identity theft protection services. Enrollment information will be provided via mail. Those with fraud protection services powered by EZShield will continue to have their information monitored. Should you receive any alerts, log into your dashboard and review it as soon as possible.

Fighting Identity Crimes will keep you updated as new information becomes available about the 21st Century Oncology data breach. Be sure to subscribe to our blog to stay up-to-date with the latest identity theft and fraud news.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is General Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.


  1. Its a scam,,,I waited 3 months They keep telling me they are backed up. I was directed to protect my ID,,no one would give me a code to activate a free yr of protection,as they stated in letter.

    • Hi James,

      I’m sorry to hear about your ordeal with 21st Century Oncology’s post-breach protection services. Since Social Security numbers were exposed, I highly recommend placing a credit freeze on your credit report. A credit freeze makes it difficult for identity thieves to open new lines of credit in your name. Contact each of the major credit reporting bureaus to place a freeze. As always, if you are an EZShield customer, please call our Resolution team and we would be happy to assist you.

      * Equifax — 1-800-349-9960
      * Experian — 1‑888‑397‑3742
      * TransUnion — 1-888-909-8872
      * EZShield Resolution Center – 1-888-439-7443

      For more information on credit freezes, please check out my other blog post: 9 Credit Freeze Myths Debunked


Leave a Comment.