Cancer Care Center of North Florida reports two cyber incidents linked to ION breach

Cancer Care Center of North Florida is notifying patients of two separate data security incidents tied to its parent organization, Integrated Oncology Network (ION), that exposed sensitive personal and medical information.

The first incident occurred between December 13 and December 16, 2024, when a phishing attack allowed unauthorized access to certain email accounts and SharePoint files belonging to multiple ION members. Exposed data included names, addresses, dates of birth, financial account details, diagnoses, lab results, prescriptions, treatment information, insurance records, provider names, and dates of service. A limited number of patients also had their Social Security numbers compromised. Cancer Care Center of North Florida reported that 976 patients at its Lake Butler location were affected.

The second incident involved a network intrusion into ION systems between March 31 and April 10, 2025. ION detected the intrusion on April 11 and said only limited systems were impacted. A review of the affected files is ongoing, but confirmed compromised data includes names, addresses, dates of birth, medical record numbers, diagnoses, diagnostic images and test results, medications, treatment information, insurance details, provider names, service dates, driver’s license numbers, and financial account information.

The hacking incident has impacted multiple ION practices. Notifications were issued between July 11 and August 6, 2025. Cancer Care Center of North Florida said 1,789 of its patients were affected in the intrusion.