Highlands Oncology data breach overview:
- Who: Highlands Oncology Group has disclosed a ransomware attack affecting more than 113,000 patients.
- Why: The Highlands Oncology ransomware attack compromised sensitive personal and medical data.
- Where: The data breach affects multiple states in the United States.
- How to Get Help: Did you receive a letter notifying you that your information was compromised in the Highlands Oncology data breach? See if you’re eligible to pursue compensation.
Highlands Oncology Group has reported a significant data breach affecting more than 113,000 individuals due to a ransomware attack. The breach involved unauthorized access to sensitive personal and medical data, raising serious privacy concerns.
The incident was officially reported on Aug. 1, 2025, following a thorough forensic investigation and patient notification process.
Highlands Oncology first detected unauthorized access on June 2, 2025, but investigations revealed that the attackers had infiltrated the network as early as January 21. During this period, the Medusa ransomware group claimed responsibility, demanding a $700,000 ransom and threatening to publish the stolen data. However, it is unclear if the ransom was paid or if the data was publicly released.
According to the official notice, compromised information includes full names, dates of birth, Social Security numbers, financial account data and medical records.
The breach raises heightened concerns because it involves both financial and protected health information.
Highlands Oncology has taken steps to contain the threat and assess the extent of the compromise, working with cybersecurity experts and law enforcement.
Highlands Oncology strengthens defenses after data breach
The healthcare provider has implemented additional security measures to bolster system defenses and prevent future breaches. It has also filed a breach report with the U.S. Department of Health and Human Services’ Office for Civil Rights, listing 113,575 affected individuals.
Notification letters were mailed to affected individuals on Aug. 1, 2025, in compliance with the Health Insurance Portability and Accountability Act and state data breach disclosure laws.
Highlands Oncology is offering 12 months of complimentary identity protection services through Experian IdentityWorks Credit 3B. These services include credit monitoring, identity restoration and insurance coverage for certain types of fraud. Impacted individuals are encouraged to review financial accounts, insurance claims and credit reports closely and to take advantage of the free monitoring services.
For more information about the Highlands Oncology data breach, individuals can contact Highlands Oncology’s confidential, toll-free inquiry line at 877-250-2776, available from 8:00 a.m. to 8:00 p.m. Central Time, Monday through Friday.
The company is not currently facing legal action over the security incident, but Top Class Actions follows data breaches closely as they sometimes lead to class action lawsuits.
Are you affected by the Highlands Oncology data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- Minn. Attorney General sues TikTok over addictive algorithms targeting children, teens
- Ford class action claims F-150 trucks have oil consumption defect
- Salesforce hit with class action lawsuit over massive data breach affecting Farmers Insurance customers
- FDA recalls Kroger frozen shrimp amid radiation concerns
NEC lawsuit: Families take action against Enfamil and Similac baby formula makers
September 10, 2025 | Legal News
