Highlands Oncology Group: Ransomware attack hits Highlands Oncology, exposing over 113K patient info

Highlands Oncology Reports Massive Ransomware Breach Affecting Over 113,000 Patients

Highlands Oncology Group, a U.S.-based healthcare provider, disclosed a ransomware attack that compromised the sensitive personal and medical data of 113,575 individuals. The breach, detected on June 2, 2025, was later traced back to unauthorized network access as early as January 21, 2025. The Medusa ransomware group claimed responsibility, demanding a $700,000 ransom and threatening to publish stolen data, though it remains unclear whether the ransom was paid or whether the data was leaked.

The exposed information includes full names, dates of birth, Social Security numbers, financial account details, and medical records, raising significant privacy and identity theft risks. Highlands Oncology has offered 12 months of free identity protection services through Experian IdentityWorks Credit 3B, covering credit monitoring, identity restoration, and fraud insurance.

Following the breach, the company implemented enhanced security measures, conducted a forensic investigation, and reported the incident to the U.S. Department of Health and Human Services’ Office for Civil Rights. Notification letters were mailed to affected individuals on August 1, 2025, in compliance with HIPAA and state data breach laws. While no legal action has been filed yet, the incident has drawn attention due to its scale and the sensitivity of the compromised data.

Highlands Oncology is working with cybersecurity experts and law enforcement to contain the threat and assess the full extent of the compromise. The breach affects patients across multiple U.S. states. For inquiries, affected individuals can contact the company’s toll-free line at 877-250-2776.

Source: https://topclassactions.com/lawsuit-settlements/lawsuit-news/ransomware-attack-hits-highlands-oncology-exposing-over-113k-patient-info/

Highlands Oncology Group TPRM report: https://www.rankiteo.com/company/highlands-oncology-ctr

"id": "hig1771136628",
"linkid": "highlands-oncology-ctr",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '113575',
                        'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'Highlands Oncology Group',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Unauthorized network access',
 'customer_advisories': '12 months of free identity protection services '
                        'through Experian IdentityWorks Credit 3B (credit '
                        'monitoring, identity restoration, and fraud '
                        'insurance)',
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Threatened by threat actor',
                 'number_of_records_exposed': '113575',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Full names',
                                              'Dates of birth',
                                              'Social Security numbers',
                                              'Financial account details',
                                              'Medical records']},
 'date_detected': '2025-06-02',
 'date_publicly_disclosed': '2025-08-01',
 'description': 'Highlands Oncology Group, a U.S.-based healthcare provider, '
                'disclosed a ransomware attack that compromised the sensitive '
                'personal and medical data of 113,575 individuals. The breach '
                'was traced back to unauthorized network access as early as '
                'January 21, 2025, and was detected on June 2, 2025. The '
                'Medusa ransomware group claimed responsibility, demanding a '
                '$700,000 ransom and threatening to publish stolen data.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': 'Sensitive personal and medical data',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential under HIPAA and state data breach '
                                 'laws',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Unauthorized network access',
                           'reconnaissance_period': 'January 21, 2025 - June '
                                                    '2, 2025'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': 'Enhanced security measures'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Threatened',
                'ransom_demanded': '$700,000',
                'ransomware_strain': 'Medusa'},
 'references': [{'source': 'Incident disclosure'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA',
                                                    'State data breach laws'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services’ Office for '
                                                        'Civil Rights']},
 'response': {'communication_strategy': 'Notification letters mailed to '
                                        'affected individuals',
              'enhanced_monitoring': 'Yes',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'remediation_measures': 'Enhanced security measures, forensic '
                                      'investigation',
              'third_party_assistance': 'Cybersecurity experts'},
 'threat_actor': 'Medusa ransomware group',
 'title': 'Highlands Oncology Ransomware Breach Affecting Over 113,000 '
          'Patients',
 'type': 'Ransomware'}