BRADENTON, Fla. (WFLA) – Better Call Behnken has learned that the personal information of 41,948 patients of Cancer Treatment Centers of America was potentially compromised in a data breach, according to letters sent to some patients or their families.
Medical information, including cancer type and insurance benefits, was possibly accessed by cyber criminals.
CTCA, based in Boca Raton, is the latest in a growing list of medical companies to announce that it was the victim of cyber hackers.
The chain of hospitals sees patients across the country at hospitals in Atlanta, Chicago, Philadelphia, Phoenix and Tulsa.
According to the letter, an employee of CTCA was the victim of an online phishing attack.
“The employee had provided their network log-in credentials in response to a fraudulent email that appeared to come from a CTCA executive,” the letter says.
It goes on to say their investigation was unable to determine whether the unauthorized user actually accessed any personal information.
“The personal information included your name and may have also included medical record number, facility treatment dates, physician name, cancer type, and/or health insurance information. Your social security number was not included, and no financial information was involved.”
One of these letters was sent to Gerrie Milam, who lives in Bradenton.
Her husband, Bill, was a patient of CTCA and passed away in May 2016. She is especially troubled by the breach because of a medical statement she received days before the received the CTCA letter.
It was for medical services for her husband in July 2018, two years after his death.
“Every time I get mail in his name, it rips my heart apart,” Milam said. “I throw junk mail away, but this was different.”
The letter from CTCA is addressed to Milam’s husband and goes on to warn patients to closely check their Explanation of Benefits, sent from their insurance companies, to insure all charges and named services are corrected.
That’s what concerns Milam most because she says she also received notification from her prior insurance company that someone tried to use her husband’s healthcare benefits. That news was heartbreaking.
“He was the love of my life,” Milam said. “All my life, all I wanted was to grow old with the love of my life, and now that won’t happen. It’s painful. Now, two years later, someone is using his health information and his insurance. It’s unbelievable.”
Milam turned to Better Call Behnken for help making sure she will not be held responsible for any medical charges as a result of this breach.
A spokeswoman for Cancer Treatment Centers of America sent this statement to Better Call Behnken:
Cancer Treatment Centers of America® (CTCA) was the target of a phishing attack in which an employee email account was compromised. We promptly took action to restrict unauthorized access to the email account and opened an investigation into this matter. We were unable to determine whether an unauthorized user actually accessed any personal information. As a result, we notified patients whose name, and potentially other personal information, was contained in the email account. For a very small number of patients the information also included social security numbers. No financial information was involved. CTCA® takes patient privacy very seriously. We have provided additional training to our staff and remain committed to protecting patient privacy and security.