Tens of thousands of Americans are staring at the possibility of fraud after thieves stole their information from a healthcare firm.
In a notice to the Office of the Maine Attorney General, the Arkansas-based Highlands Oncology Group says 113,575 Americans are impacted by a massive cybersecurity incident.
-->In a data incident notice posted on its website, Highlands says that an unauthorized entity gained access to its systems and stole files that may include patients’ names, dates of birth, Social Security numbers, driver’s license/state identification numbers, passport numbers, credit/debit card numbers, financial account numbers, medical treatment records, medical record numbers, patient account numbers, and/or health insurance policy records.
“Highlands Oncology Group PA recently discovered a data incident that may have involved the personal information for certain individuals. On June 2, 2025, Highlands discovered it was the victim of a cyber-attack, and certain Highlands files and systems were inaccessible…
The forensic investigation determined that an unauthorized third party accessed Highlands’ computer network at times between January 21, 2025, and June 2, 2025, and encrypted some of its files. The investigation also determined that the third party may have accessed and acquired certain files from Highlands’ systems during this period.”
Highlands offers a full spectrum of cancer care services, including chemotherapy, radiation oncology, surgical oncology, as well as supportive services like rehabilitation, massage, lymphedema therapy, genetic counseling and pharmacy.
The firm says it has sent letters of notification to affected individuals, while offering complimentary identity theft protection services for those whose Social Security numbers, driver’s license or state ID numbers were involved in the incident.
Highlands is encouraging patients to stay vigilant by reviewing their account statements and reporting any suspicious activity that could suggest fraud or identity theft.
