Beverly Hills Oncology Medical Group, a specialized cancer treatment provider, suffered a data breach between February 7–11, 2025, when cybercriminals gained unauthorized access to its internal network. An investigation concluded on October 13, 2025, confirming that sensitive patient data including full names, Social Security numbers, driver’s license/government IDs, financial account details, credit/debit card information, health insurance data, treatment records, diagnoses, prescriptions, and clinical information was accessed and exfiltrated.The breach exposed highly confidential medical and financial records, posing severe risks of identity theft, financial fraud, and misuse of health data. The incident was disclosed to the California Attorney General’s office on October 31, 2025, with affected individuals notified via mail. The breach’s scope suggests a targeted attack aimed at exploiting vulnerable patient data for malicious purposes, potentially leading to long-term reputational damage, legal liabilities, and regulatory penalties for the medical group.
Source: https://www.claimdepot.com/investigations/beverly-hills-oncology-medical-group-data-breach-2025
TPRM report: https://www.rankiteo.com/company/beverly-hills-cancer-center
"id": "bev1502515110125",
"linkid": "beverly-hills-cancer-center",
"type": "Breach",
"date": "2/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'healthcare (oncology)',
'location': 'Beverly Hills, California, USA',
'name': 'Beverly Hills Oncology Medical Group',
'type': 'medical practice'}],
'attack_vector': 'network intrusion',
'customer_advisories': ['Offer of free Epiq - Privacy Solutions ID '
'membership.',
'Guidance on credit monitoring, fraud alerts, and '
'legal rights.'],
'data_breach': {'data_exfiltration': 'yes (data accessed and removed from '
'network)',
'personally_identifiable_information': ['full name',
'Social Security '
'number',
'driver’s '
'license/government '
'ID number',
'financial account '
'information',
'credit/debit card '
'information'],
'sensitivity_of_data': 'high (includes SSN, medical records, '
'financial data)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)',
'financial information']},
'date_detected': '2025-02-07',
'date_publicly_disclosed': '2025-10-31',
'description': 'Beverly Hills Oncology Medical Group experienced a data '
'breach between February 7, 2025, and February 11, 2025, when '
'a cybercriminal gained unauthorized access to its internal '
'network. An investigation concluded on October 13, 2025, that '
'sensitive personal information of patients may have been '
'accessed and exfiltrated. The breach was disclosed to the '
'California Attorney General’s office on October 31, 2025. '
'Affected individuals are being notified by mail and offered '
'free credit monitoring services (Epiq - Privacy Solutions '
'ID).',
'impact': {'brand_reputation_impact': 'potential reputational damage (ongoing '
'investigation)',
'data_compromised': ['full name',
'Social Security number',
'driver’s license/government ID number',
'financial account information',
'credit/debit card information',
'health insurance policy information',
'treatment information',
'diagnosis information',
'prescription information',
'clinical information'],
'identity_theft_risk': 'high (PII and financial data exposed)',
'legal_liabilities': 'potential lawsuits for compensation (class '
'action investigation by Shamis & Gentile '
'P.A.)',
'payment_information_risk': 'high (credit/debit card and financial '
'account information exposed)',
'systems_affected': ['internal network']},
'initial_access_broker': {'high_value_targets': ['patient PII/PHI',
'financial data']},
'investigation_status': 'completed (as of 2025-10-13)',
'motivation': ['financial gain', 'data theft'],
'recommendations': ['Enroll in free credit/identity monitoring (Epiq - '
'Privacy Solutions ID).',
'Monitor financial accounts for suspicious activity.',
'Place a fraud alert on credit reports.',
'Request free annual credit reports from major bureaus.',
'Seek legal counsel for potential compensation claims.'],
'references': [{'source': 'Shamis & Gentile P.A. (class action investigation '
'page)'}],
'regulatory_compliance': {'legal_actions': ['class action investigation by '
'Shamis & Gentile P.A.'],
'regulations_violated': ['potential HIPAA '
'violations (health data '
'breach)',
'California data breach '
'notification laws'],
'regulatory_notifications': ['California Attorney '
'General’s office '
'(notified on '
'2025-10-31)']},
'response': {'communication_strategy': ['direct mail to affected patients',
'public disclosure to California '
'Attorney General'],
'incident_response_plan_activated': 'yes (investigation '
'conducted)',
'recovery_measures': ['mail notifications to affected '
'individuals'],
'remediation_measures': ['free credit/identity monitoring for '
'affected individuals'],
'third_party_assistance': ['Epiq - Privacy Solutions (credit '
'monitoring)',
'Shamis & Gentile P.A. (legal '
'investigation)']},
'stakeholder_advisories': ['mail notifications to affected patients'],
'threat_actor': 'cybercriminal (unknown specific group)',
'title': 'Beverly Hills Oncology Medical Group Data Breach',
'type': ['data breach', 'unauthorized access', 'data exfiltration']}